Consul, or how to really stretch the elastic
Nicolas / @nledez / Cozy Cloud

Rennes devops 20/03/2018
<Nicolas Ledez>
Cozy Cloud
http://rennesdevops.fr/
@Rennesdevops
https://groups.google.com/forum/#!forum/rennesdevops
28, 29 and 30 March
@breizhcamp / www.breizhcamp.org
@nledez
</Nicolas Ledez>
Introduction
Elasticity?
• What happens if I get featured on the 8 pm TV news on TF1?
• How much do I pay when I have 3 users?
• Virtualization + Cloud = IaaS
• But how do I update my configuration?
HashiCorp
• VirtualBox -> Mitchell Hashimoto
• Founded HashiCorp in 2012 with Armon Dadgar
• Develops "devops" products
• Open source
• And commercial offerings as well
Consul
• Service discovery
• Health checks
• Key/value store
• Multi-datacenter
Consul: how does it work?
Gossip
Serf
Consul
• Clients
• Servers
• Leader
• Bootstrap
Consul / configuration
• Parameters
• File
• Files
Consul / server
• "server": true
• "datacenter": "zombiland"
• "domain": "zombiland-dev"
• "data_dir": "/var/lib/consul"
• "start_join": ["10.0.0.1","10.0.0.2","10.0.0.3"]
• "ui": true
Consul / KV
• consul-client:~$ consul kv get hello
• Error! No key exists at: hello
• consul-client:~$ consul kv put hello 'Consul devops'
• Success! Data written to: hello
• consul-client:~$ consul kv get hello
• Consul devops
• consul-client:~$ curl 127.0.0.1:8500/v1/kv/hello
• [{"LockIndex":0,"Key":"hello","Flags":0,"Value":"Q29uc3VsIGRldm9wcw==","CreateIndex":10968,"ModifyIndex":10978}]
• consul-client:~$ curl --request PUT --data '"Fixed string"' 127.0.0.1:8500/v1/kv/hello
• true
Consul / Service
ubuntu@app-01:~$ curl http://127.0.0.1:8080/
<html><body>app-01</body></html>
ubuntu@app-01:~$ cat /etc/consul.d/app-consul-service.json
{
  "service": {
    "name": "app",
    "tags": ["app"],
    "port": 8080,
    "check": {
      "http": "http://127.0.0.1:8080/",
      "interval": "10s"
    }
  }
}
ubuntu@app-01:~$ sudo service app stop
app stop/waiting
Encrypt?
sudo tcpdump -i eth1 -X -s0
22:02:24.448835 IP 192.168.168.65.8301 > 192.168.168.67.8301: UDP, length 30
    0x0000: 4500 003a 389b 4000 4011 3042 c0a8 a841 E..:8.@.@.0B...A
    0x0010: c0a8 a843 206d 206d 0026 819a 0082 a44e ...C.m.m.&.....N
    0x0020: 6f64 65ad 636f 6e73 756c 2d63 6c69 656e ode.consul-clien
    0x0030: 74a5 5365 714e 6fcd 01c4 t.SeqNo...
22:02:24.449203 IP 192.168.168.67.8301 > 192.168.168.65.8301: UDP, length 152
    0x0000: 4500 00b4 d82e 4000 4011 9034 c0a8 a843 E.....@.@..4...C
    0x0010: c0a8 a841 206d 206d 00a0 d287 0282 a750 ...A.m.m.......P
    0x0020: 6179 6c6f 6164 da00 8201 84aa 4164 6a75 ayload......Adju
    0x0030: 7374 6d65 6e74 cbbf 2be6 abdc 02b7 30a5 stment..+.....0.
    0x0040: 4572 726f 72cb 3fcc b4d3 0381 9146 a648 Error.?......F.H
    0x0050: 6569 6768 74cb 3f46 cb69 a435 b5ac a356 eight.?F.i.5...V
    0x0060: 6563 98cb bf25 47b2 2716 3153 cb3f 51dd ec...%G.'.1S.?Q.
    0x0070: 5a8d 91dc 79cb 3f4f fd37 29c9 596a cbbf Z...y.?O.7).Yj..

ubuntu@consul-client:~$ consul keygen
9IlBdlPWteb6b3G4kqql6g==
ubuntu@consul-client:~$ grep encrypt /etc/consul.d/config.json
"encrypt": "9IlBdlPWteb6b3G4kqql6g==",

22:06:56.394382 IP 192.168.168.67.8301 > 192.168.168.66.8301: UDP, length 53
    0x0000: 4500 0051 a9b7 4000 4011 bf0d c0a8 a843 E..Q..@.@......C
    0x0010: c0a8 a842 206d 206d 003d d225 01b3 e8c9 ...B.m.m.=.%....
    0x0020: f2c0 e852 6369 0060 3c32 48fa 3e5f 2318 ...Rci.`<2H.>_#.
    0x0030: e518 b550 3d99 3dc2 4875 ce71 8ae5 fa93 ...P=.=.Hu.q....
    0x0040: 983b 8925 941e dd8e e4c3 e523 b5dd fdbb .;.%.......#....
    0x0050: 7d }
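Added example (not from the talk): the before/after comparison of the gossip captures, done in code. It rebuilds two of the packets from the tcpdump -X lines on the slide, strips the IPv4 and UDP headers, and reports whether memberlist field names (Node, SeqNo, Payload) are readable in the payload. Function names are hypothetical; "opaque" only means no cleartext field name was found, which is what an encrypted packet looks like.

```python
import re
import struct

# Packets copied from the slide's tcpdump -X output: a gossip ping captured
# before "encrypt" was configured, and a packet captured afterwards.
BEFORE = """
0x0000: 4500 003a 389b 4000 4011 3042 c0a8 a841 E..:8.@.@.0B...A
0x0010: c0a8 a843 206d 206d 0026 819a 0082 a44e ...C.m.m.&.....N
0x0020: 6f64 65ad 636f 6e73 756c 2d63 6c69 656e ode.consul-clien
0x0030: 74a5 5365 714e 6fcd 01c4 t.SeqNo...
"""
AFTER = """
0x0000: 4500 0051 a9b7 4000 4011 bf0d c0a8 a843 E..Q..@.@......C
0x0010: c0a8 a842 206d 206d 003d d225 01b3 e8c9 ...B.m.m.=.%....
0x0020: f2c0 e852 6369 0060 3c32 48fa 3e5f 2318 ...Rci.`<2H.>_#.
0x0030: e518 b550 3d99 3dc2 4875 ce71 8ae5 fa93 ...P=.=.Hu.q....
0x0040: 983b 8925 941e dd8e e4c3 e523 b5dd fdbb .;.%.......#....
0x0050: 7d }
"""

HEX_GROUP = re.compile(r"^[0-9a-fA-F]{2}(?:[0-9a-fA-F]{2})?$")
# msgpack fixstr-encoded field names that are readable in the cleartext capture.
CLEAR_MARKERS = (b"\xa4Node", b"\xa5SeqNo", b"\xa7Payload")


def parse_hexdump(text):
    """Rebuild packet bytes from tcpdump -X lines (offset, up to 8 hex groups, ASCII)."""
    data = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*0x[0-9a-fA-F]{4}:\s+(.*)", line)
        if not m:
            continue
        groups = 0
        for tok in m.group(1).split():
            # Stop at the ASCII column: after 8 groups or at the first non-hex token.
            if groups == 8 or not HEX_GROUP.match(tok):
                break
            data += bytes.fromhex(tok)
            groups += 1
    return bytes(data)


def udp_payload(packet):
    """Return (src_port, dst_port, payload) of an IPv4/UDP packet."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst, udp_len = struct.unpack("!HHH", packet[ihl:ihl + 6])
    # Trim by the declared lengths so a hex-looking ASCII column cannot leak in.
    return src, dst, packet[ihl + 8:min(total_len, ihl + udp_len)]


def classify_gossip(payload):
    """('cleartext', names) if memberlist field names are readable, else ('opaque', [])."""
    found = [m[1:].decode() for m in CLEAR_MARKERS if m in payload]
    return ("cleartext", found) if found else ("opaque", [])


def check_capture(text):
    """Summarise one captured packet for a report."""
    src, dst, payload = udp_payload(parse_hexdump(text))
    verdict, fields = classify_gossip(payload)
    return {"ports": (src, dst), "length": len(payload),
            "verdict": verdict, "fields": fields}


if __name__ == "__main__":
    for name, dump in (("before encrypt", BEFORE), ("after encrypt", AFTER)):
        print(name, check_capture(dump))
```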
TLS?
curl 127.0.0.1:8500/v1/agent/members
[{"Name":"consul-client","Addr":"192.168.168.67","Port":8301,"Tags"

12:52:16.005478 IP localhost.8500 > localhost.59018: Flags [P.], seq 1:1585, ack 95, win 342, options [nop,nop,TS val 14174548 ecr 14174548], length 1584
    0x0000: 4500 0664 77d1 4000 4006 bec0 7f00 0001 E..dw.@.@.......
    0x0010: 7f00 0001 2134 e68a 28ed 3e83 a53d 18ae ....!4..(.>..=..
    0x0020: 8018 0156 0459 0000 0101 080a 00d8 4954 ...V.Y........IT
    0x0030: 00d8 4954 4854 5450 2f31 2e31 2032 3030 ..ITHTTP/1.1.200
    0x0040: 204f 4b0d 0a43 6f6e 7465 6e74 2d54 7970 .OK..Content-Typ
    0x0050: 653a 2061 7070 6c69 6361 7469 6f6e 2f6a e:.application/j
    0x0060: 736f 6e0d 0a44 6174 653a 204d 6f6e 2c20 son..Date:.Mon,.
    […]
    0x00b0: 756c 2d63 6c69 656e 7422 2c22 4164 6472 ul-client","Addr
    0x00c0: 223a 2231 3932 2e31 3638 2e31 3638 2e36 ":"192.168.168.6
    0x00d0: 3722 2c22 506f 7274 223a 3833 3031 2c22 7","Port":8301,"
    0x00e0: 5461 6773 223a 7b22 6275 696c 6422 3a22 Tags":{"build":"
    0x00f0: 312e 302e 323a 6235 3530 3539 6622 2c22 1.0.2:b55059f","

"ca_file": "/etc/consul.d/ssl/ca.cert",
"cert_file": "/etc/consul.d/ssl/consul.cert",
"key_file": "/etc/consul.d/ssl/consul.key",
But in fact:
- I did not manage to get it working
- I set up an nginx in the meantime
ACL?
$ curl 127.0.0.1:8500/v1/kv/hack
$ curl --request PUT --data '"Not realy a good hacker"' 127.0.0.1:8500/v1/kv/hack
$ curl 127.0.0.1:8500/v1/kv/hack
[{"LockIndex":0,"Key":"hack","Flags":0,"Value":"Ik5vdCByZWFseSBhIGdvb2QgaGFja2VyIg==","CreateIndex":8219,"ModifyIndex":8219}]
$ curl --request DELETE 127.0.0.1:8500/v1/kv/hack
true
$ uuidgen
d64c69dd-4c17-44f1-a5d8-48fac021d157
$ grep acl /etc/consul.d/config.json
"acl_enforce_version_8": true,
"acl_datacenter": "dc1",
"acl_master_token": "d64c69dd-4c17-44f1-a5d8-48fac021d157",
"acl_default_policy": "deny",
"acl_down_policy": "deny",
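Added example, not part of the original slides: a Python audit of the legacy acl_* keys shown above, run on two constructed configs (one without ACLs, one with the slide's settings and a placeholder token). The function names, the sample configs and the file-permission check are assumptions of this example.

```python
import json
import os
import stat
import tempfile

# Constructed sample configs (not from the talk). OPEN has no acl_* keys;
# HARDENED carries the keys from the slide with a placeholder token.
OPEN = {"server": True, "datacenter": "dc1", "data_dir": "/var/lib/consul"}
HARDENED = dict(
    OPEN,
    acl_enforce_version_8=True,
    acl_datacenter="dc1",
    acl_master_token="00000000-0000-0000-0000-000000000000",  # placeholder
    acl_default_policy="deny",
    acl_down_policy="deny",
)

# Legacy (pre-1.4) config keys that hold a secret token.
TOKEN_KEYS = ("acl_master_token", "acl_agent_master_token",
              "acl_agent_token", "acl_token", "acl_replication_token")


def audit_acl_settings(cfg):
    """Return findings for the legacy acl_* keys of one agent config dict."""
    if not cfg.get("acl_datacenter"):
        # Without acl_datacenter the legacy ACL system is switched off, which
        # is why the unauthenticated curl PUT/DELETE on the slide succeed.
        return ["acl_datacenter is not set: ACLs are disabled"]
    findings = []
    if cfg.get("acl_default_policy", "allow") != "deny":
        findings.append("acl_default_policy is not 'deny': "
                        "requests matching no rule are allowed")
    if cfg.get("acl_down_policy", "extend-cache") == "allow":
        findings.append("acl_down_policy is 'allow': everything is permitted "
                        "while the ACL datacenter is unreachable")
    if cfg.get("acl_enforce_version_8", True) is False:
        findings.append("acl_enforce_version_8 is false: "
                        "Consul 0.8 ACL enforcement is explicitly disabled")
    if "acl_master_token" in cfg and not cfg.get("server", False):
        findings.append("acl_master_token is set on a non-server agent")
    return findings


def audit_config_file(path):
    """Audit a config file: ACL settings plus who can read its tokens."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    findings = audit_acl_settings(cfg)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    holds_token = any(key in cfg for key in TOKEN_KEYS)
    if holds_token and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holds ACL tokens and is readable by group/other "
                        "(mode %04o)" % mode)
    return findings


def write_config(cfg, mode):
    """Write cfg to a temporary JSON file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    print("open config     :", audit_acl_settings(OPEN))
    print("hardened config :", audit_acl_settings(HARDENED))
    for mode in (0o644, 0o600):
        path = write_config(HARDENED, mode)
        try:
            print("file mode %04o  :" % mode, audit_config_file(path))
        finally:
            os.unlink(path)
```
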
ACL 1/4
• Master
• Client / policy
• Allow/deny rights
• What (agent, service, keys, …)
• Anonymous
ACL 2/4
• Feb 12 17:19:29 consul-01 consul[18761]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:36107
• Feb 12 17:19:33 consul-01 consul[18761]: agent: Coordinate update blocked by ACLs
• ubuntu@consul-client:~$ consul members
• ""
• ubuntu@consul-client:~$ consul info
• Error querying agent: Unexpected response code: 403 (Permission denied)
ACL 3/4
ACL 4/4
ubuntu@consul-01:~$ grep -E 'acl.*token' /etc/consul.d/config.json
"acl_agent_token": "a61a066a-7986-91c3-c178-a2458c3aae22",
"acl_master_token": "d64c69dd-4c17-44f1-a5d8-48fac021d157",
ubuntu@consul-client:~$ consul members
ubuntu@consul-client:~$ consul info
Feb 12 17:30:01 consul-client consul[21685]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:60029
Error querying agent: Unexpected response code: 403 (Permission denied)
export CONSUL_HTTP_TOKEN=a61a066a-7986-91c3-c178-a2458c3aae22
ubuntu@consul-01:~$ consul members
Node           Address              Status  Type    Build  Protocol  DC   Segment
consul-01      192.168.168.65:8301  alive   server  1.0.6  2         dc1  <all>
consul-02      192.168.168.66:8301  alive   server  1.0.6  2         dc1  <all>
consul-03      192.168.168.64:8301  alive   server  1.0.6  2         dc1  <all>
consul-client  192.168.168.67:8301  alive   client  1.0.6  2         dc1  <default>
ubuntu@consul-01:~$ consul info
Feb 12 17:43:45 consul-01 consul[19544]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:36231
Error querying agent: Unexpected response code: 403 (Permission denied)
ubuntu@consul-01:~$ export CONSUL_HTTP_TOKEN=d64c69dd-4c17-44f1-a5d8-48fac021d157
ubuntu@consul-01:~$ consul info
agent:
    check_monitors = 0
    check_ttls = 0
    checks = 0
    services = 0
build:
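Added example, not part of the original slides: a Python parser for the two kinds of ACL denial the agents log in the ACL 2/4 and ACL 4/4 slides, grouped per host so a missing or under-privileged token stands out. The function names are assumptions of this example, and the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# First four lines are copied from the slides; the last two are constructed
# (an unrelated agent message and a denial coming from a non-local address).
SAMPLE_LOG = """\
Feb 12 17:19:29 consul-01 consul[18761]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:36107
Feb 12 17:19:33 consul-01 consul[18761]: agent: Coordinate update blocked by ACLs
Feb 12 17:30:01 consul-client consul[21685]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:60029
Feb 12 17:43:45 consul-01 consul[19544]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:36231
Feb 12 17:44:02 consul-01 consul[19544]: agent: Synced node info
Feb 12 17:45:10 consul-01 consul[19544]: http: Request PUT /v1/kv/hack, error: Permission denied from=192.0.2.10:51514
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) consul\[\d+\]: "
# API call refused: the caller's token (or the anonymous token) lacks rights.
HTTP_DENIED = re.compile(
    PREFIX + r"http: Request (?P<method>[A-Z]+) (?P<path>[^\s,]+), "
    r"error: Permission denied from=(?P<src>\S+):\d+$"
)
# Internal agent operation refused: the agent's own token was rejected.
AGENT_BLOCKED = re.compile(PREFIX + r"agent: (?P<action>.+) blocked by ACLs$")


def parse_denials(text):
    """Return one dict per ACL denial found in syslog-formatted Consul output."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HTTP_DENIED.match(line)
        if m:
            events.append({
                "ts": m["ts"], "host": m["host"], "kind": "http",
                "detail": "%s %s" % (m["method"], m["path"]),
                "src": m["src"].strip("[]"),  # tolerate a bracketed IPv6 source
            })
            continue
        m = AGENT_BLOCKED.match(line)
        if m:
            events.append({
                "ts": m["ts"], "host": m["host"], "kind": "agent",
                "detail": m["action"], "src": None,
            })
    return events


def summarize(events):
    """Count denials per (host, kind, detail)."""
    return Counter((e["host"], e["kind"], e["detail"]) for e in events)


def remote_sources(events):
    """Source addresses of HTTP denials that did not come from loopback."""
    remote = set()
    for e in events:
        if e["kind"] != "http":
            continue
        try:
            if not ipaddress.ip_address(e["src"]).is_loopback:
                remote.add(e["src"])
        except ValueError:
            remote.add(e["src"])  # unparsable source: surface it for review
    return remote


if __name__ == "__main__":
    found = parse_denials(SAMPLE_LOG)
    for key, count in sorted(summarize(found).items()):
        print(count, *key)
    print("non-local callers:", sorted(remote_sources(found)))
```
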
And now?
App / haproxy
global
    user haproxy
    daemon
defaults
    mode http
    stats uri /ha_stats
    stats auth demo:pass
frontend front
    bind *:80
    mode http
    default_backend app
backend app
    mode http
    server app-01 192.168.168.69:8080 check inter 1s
Consul-template
ubuntu@haproxy:~$ tail -n5 /etc/haproxy/haproxy.cfg.ctmpl
backend app
    mode http
{{- range service "app" }}
    server {{ .Node }} {{ .Address }}:{{ .Port }} check inter 1s
{{- end }}
ubuntu@haproxy:~$ consul-template -template=/etc/haproxy/haproxy.cfg.ctmpl:out -dry -once | tail -n 4
backend app
    mode http
    server app-01 192.168.168.69:8080 check inter 1s
ubuntu@haproxy:~$ tail -n3 /etc/init/consul-template.conf
exec /usr/local/bin/consul-template
-template "/etc/haproxy/haproxy.cfg.ctmpl:/etc/haproxy/haproxy.cfg:service haproxy reload"
end script
Conclusion
• I like systemd
• I don't like upstart (even less since I made these slides)
• I like systemd even more
• Consul helps simplify elasticity
• But can potentially add problems
Questions?
Answers?
Thank you!

More Related Content

What's hot

What we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopWhat we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopPuppet
 
Trying Continuous Delivery - pyconjp 2012
Trying Continuous Delivery - pyconjp 2012Trying Continuous Delivery - pyconjp 2012
Trying Continuous Delivery - pyconjp 2012Toru Furukawa
 
HTTP Caching and PHP
HTTP Caching and PHPHTTP Caching and PHP
HTTP Caching and PHPDavid de Boer
 
Puppet for dummies - PHPBenelux UG edition
Puppet for dummies - PHPBenelux UG editionPuppet for dummies - PHPBenelux UG edition
Puppet for dummies - PHPBenelux UG editionJoshua Thijssen
 
REST with Eve and Python
REST with Eve and PythonREST with Eve and Python
REST with Eve and PythonPiXeL16
 
A reviravolta do desenvolvimento web
A reviravolta do desenvolvimento webA reviravolta do desenvolvimento web
A reviravolta do desenvolvimento webWallace Reis
 
[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史
[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史
[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史Shengyou Fan
 
Mojolicious. Веб в коробке!
Mojolicious. Веб в коробке!Mojolicious. Веб в коробке!
Mojolicious. Веб в коробке!Anatoly Sharifulin
 
Real-Time Python Web: Gevent and Socket.io
Real-Time Python Web: Gevent and Socket.ioReal-Time Python Web: Gevent and Socket.io
Real-Time Python Web: Gevent and Socket.ioRick Copeland
 
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK -  Nicola Iarocci - Co...RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK -  Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...Codemotion
 
Boom! Promises/A+ Was Born
Boom! Promises/A+ Was BornBoom! Promises/A+ Was Born
Boom! Promises/A+ Was BornDomenic Denicola
 
Beyond Page Level Metrics
Beyond Page Level MetricsBeyond Page Level Metrics
Beyond Page Level MetricsPhilip Tellis
 
Selenium sandwich-3: Being where you aren't.
Selenium sandwich-3: Being where you aren't.Selenium sandwich-3: Being where you aren't.
Selenium sandwich-3: Being where you aren't.Workhorse Computing
 

What's hot (20)

What we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopWhat we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at Backstop
 
Lies, Damn Lies, and Benchmarks
Lies, Damn Lies, and BenchmarksLies, Damn Lies, and Benchmarks
Lies, Damn Lies, and Benchmarks
 
Trying Continuous Delivery - pyconjp 2012
Trying Continuous Delivery - pyconjp 2012Trying Continuous Delivery - pyconjp 2012
Trying Continuous Delivery - pyconjp 2012
 
HTTP Caching and PHP
HTTP Caching and PHPHTTP Caching and PHP
HTTP Caching and PHP
 
Puppet for dummies - PHPBenelux UG edition
Puppet for dummies - PHPBenelux UG editionPuppet for dummies - PHPBenelux UG edition
Puppet for dummies - PHPBenelux UG edition
 
REST with Eve and Python
REST with Eve and PythonREST with Eve and Python
REST with Eve and Python
 
Domains!
Domains!Domains!
Domains!
 
A reviravolta do desenvolvimento web
A reviravolta do desenvolvimento webA reviravolta do desenvolvimento web
A reviravolta do desenvolvimento web
 
[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史
[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史
[PHP 也有 Day] 垃圾留言守城記 - 用 Laravel 阻擋 SPAM 留言的奮鬥史
 
Mojolicious. Веб в коробке!
Mojolicious. Веб в коробке!Mojolicious. Веб в коробке!
Mojolicious. Веб в коробке!
 
Real-Time Python Web: Gevent and Socket.io
Real-Time Python Web: Gevent and Socket.ioReal-Time Python Web: Gevent and Socket.io
Real-Time Python Web: Gevent and Socket.io
 
Follow the White Rabbit - Message Queues with PHP
Follow the White Rabbit - Message Queues with PHPFollow the White Rabbit - Message Queues with PHP
Follow the White Rabbit - Message Queues with PHP
 
Refactoring Infrastructure Code
Refactoring Infrastructure CodeRefactoring Infrastructure Code
Refactoring Infrastructure Code
 
Dancing with websocket
Dancing with websocketDancing with websocket
Dancing with websocket
 
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK -  Nicola Iarocci - Co...RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK -  Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
 
Beyond Phoenix
Beyond PhoenixBeyond Phoenix
Beyond Phoenix
 
Boom! Promises/A+ Was Born
Boom! Promises/A+ Was BornBoom! Promises/A+ Was Born
Boom! Promises/A+ Was Born
 
Beyond Page Level Metrics
Beyond Page Level MetricsBeyond Page Level Metrics
Beyond Page Level Metrics
 
Selenium sandwich-3: Being where you aren't.
Selenium sandwich-3: Being where you aren't.Selenium sandwich-3: Being where you aren't.
Selenium sandwich-3: Being where you aren't.
 
Mojo as a_client
Mojo as a_clientMojo as a_client
Mojo as a_client
 

Similar to Consul ou comment bien tirer sur l’élastique

Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesSreenivas Makam
 
ソーシャルアプリ向けシステム監視運用の勘所
ソーシャルアプリ向けシステム監視運用の勘所ソーシャルアプリ向けシステム監視運用の勘所
ソーシャルアプリ向けシステム監視運用の勘所Tatsuro Hisamori
 
Service Discovery Like a Pro
Service Discovery Like a ProService Discovery Like a Pro
Service Discovery Like a ProEran Harel
 
Networking in Kubernetes
Networking in KubernetesNetworking in Kubernetes
Networking in KubernetesMinhan Xia
 
Automatisation in development and testing - within budget
Automatisation in development and testing - within budgetAutomatisation in development and testing - within budget
Automatisation in development and testing - within budgetDavid Lukac
 
Sensu wrapper-sensu-summit
Sensu wrapper-sensu-summitSensu wrapper-sensu-summit
Sensu wrapper-sensu-summitLee Briggs
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Docker, Inc.
 
DRb and Rinda
DRb and RindaDRb and Rinda
DRb and RindaMark
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Socket applications
Socket applicationsSocket applications
Socket applicationsJoão Moura
 
Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)Eran Harel
 

Similar to Consul ou comment bien tirer sur l’élastique (20)

Network programming
Network programmingNetwork programming
Network programming
 
About Clack
About ClackAbout Clack
About Clack
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and Kubernetes
 
Intro to Consul
Intro to ConsulIntro to Consul
Intro to Consul
 
Mojolicious
MojoliciousMojolicious
Mojolicious
 
ソーシャルアプリ向けシステム監視運用の勘所
ソーシャルアプリ向けシステム監視運用の勘所ソーシャルアプリ向けシステム監視運用の勘所
ソーシャルアプリ向けシステム監視運用の勘所
 
Service Discovery Like a Pro
Service Discovery Like a ProService Discovery Like a Pro
Service Discovery Like a Pro
 
Networking in Kubernetes
Networking in KubernetesNetworking in Kubernetes
Networking in Kubernetes
 
Automatisation in development and testing - within budget
Automatisation in development and testing - within budgetAutomatisation in development and testing - within budget
Automatisation in development and testing - within budget
 
Sensu wrapper-sensu-summit
Sensu wrapper-sensu-summitSensu wrapper-sensu-summit
Sensu wrapper-sensu-summit
 
Ruby gems
Ruby gemsRuby gems
Ruby gems
 
Sprockets
SprocketsSprockets
Sprockets
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
 
DRb and Rinda
DRb and RindaDRb and Rinda
DRb and Rinda
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
Pyrax talk
Pyrax talkPyrax talk
Pyrax talk
 
Socket applications
Socket applicationsSocket applications
Socket applications
 
(Re)discover your AEM
(Re)discover your AEM(Re)discover your AEM
(Re)discover your AEM
 
Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)
 

Recently uploaded

Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdfKamal Acharya
 
Query optimization and processing for advanced database systems
Query optimization and processing for advanced database systemsQuery optimization and processing for advanced database systems
Query optimization and processing for advanced database systemsmeharikiros2
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
Post office management system project ..pdf
Post office management system project ..pdfPost office management system project ..pdf
Post office management system project ..pdfKamal Acharya
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdfAldoGarca30
 
fitting shop and tools used in fitting shop .ppt
fitting shop and tools used in fitting shop .pptfitting shop and tools used in fitting shop .ppt
fitting shop and tools used in fitting shop .pptAfnanAhmad53
 
8086 Microprocessor Architecture: 16-bit microprocessor
8086 Microprocessor Architecture: 16-bit microprocessor8086 Microprocessor Architecture: 16-bit microprocessor
8086 Microprocessor Architecture: 16-bit microprocessorAshwiniTodkar4
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdfKamal Acharya
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
Introduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfIntroduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfsumitt6_25730773
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdfKamal Acharya
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"mphochane1998
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxNANDHAKUMARA10
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxSCMS School of Architecture
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxMustafa Ahmed
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...Amil baba
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwaitjaanualu31
 

Recently uploaded (20)

Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
Query optimization and processing for advanced database systems
Query optimization and processing for advanced database systemsQuery optimization and processing for advanced database systems
Query optimization and processing for advanced database systems
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Post office management system project ..pdf
Post office management system project ..pdfPost office management system project ..pdf
Post office management system project ..pdf
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
fitting shop and tools used in fitting shop .ppt
fitting shop and tools used in fitting shop .pptfitting shop and tools used in fitting shop .ppt
fitting shop and tools used in fitting shop .ppt
 
8086 Microprocessor Architecture: 16-bit microprocessor
8086 Microprocessor Architecture: 16-bit microprocessor8086 Microprocessor Architecture: 16-bit microprocessor
8086 Microprocessor Architecture: 16-bit microprocessor
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Introduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfIntroduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdf
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptx
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 

Consul ou comment bien tirer sur l’élastique

  • 1. Consul ou comment bien se tirer sur l’élastique Nicolas / @nledez / Cozy Cloud Rennes devops 20/03/2018
  • 3.
  • 4.
  • 5.
  • 8.
  • 10. 28, 29 et 30 mars @breizhcamp / www.breizhcamp.org
  • 11. 28, 29 et 30 mars @breizhcamp / www.breizhcamp.org
  • 16. Élasticité ? • Il se passe quoi si je passe au JT de 20 sur TF1 ?
  • 17. Élasticité ? • Il se passe quoi si je passe au JT de 20 sur TF1 ? • Je paye combien quand j’ai 3 utilisateurs ?
  • 18. Élasticité ? • Il se passe quoi si je passe au JT de 20 sur TF1 ? • Je paye combien quand j’ai 3 utilisateurs ? • Virtualisation + Cloud = IaaS
  • 19. Élasticité ? • Il se passe quoi si je passe au JT de 20 sur TF1 ? • Je paye combien quand j’ai 3 utilisateurs ? • Virtualisation + Cloud = IaaS • Mais comment je mets à jours ma configuration ?
  • 21. HashiCorp • VirtualBox -> Mitchell Hashimoto
  • 22. HashiCorp • VirtualBox -> Mitchell Hashimoto • Fonde en 2012 avec Armon Dadgar HashiCorp
  • 23. HashiCorp • VirtualBox -> Mitchell Hashimoto • Fonde en 2012 avec Armon Dadgar HashiCorp • Développe des produits “devops”
  • 24. HashiCorp • VirtualBox -> Mitchell Hashimoto • Fonde en 2012 avec Armon Dadgar HashiCorp • Développe des produits “devops” • En opensource
  • 25. HashiCorp • VirtualBox -> Mitchell Hashimoto • Fonde en 2012 avec Armon Dadgar HashiCorp • Développe des produits “devops” • En opensource • Et en mode commercial
  • 32. Consul • Découverte de services • Tests de vie
  • 33. Consul • Découverte de services • Tests de vie • Base de donnée clé/valeur
  • 34. Consul • Découverte de services • Tests de vie • Base de donnée clé/valeur • Multi centre de données
  • 41. Consul • Clients • Servers • Leader • Bootstrap
  • 44. Consul / configuration • Paramètres • Fichier
  • 45. Consul / configuration • Paramètres • Fichier • Fichiers
  • 52. Consul / server • "server": true • "datacenter": "zombiland" • "domain": "zombiland-dev" • "data_dir": "/var/lib/consul" • "start_join": ["10.0.0.1","10.0.0.2","10.0.0.3"] • "ui": true
  • 67. Consul / KV • consul-client:~$ consul kv get hello • Error! No key exists at: hello • consul-client:~$ consul kv put hello 'Consul devops' • Success! Data written to: hello • consul-client:~$ consul kv get hello • Consul devops • consul-client:~$ curl 127.0.0.1:8500/v1/kv/hello • [{"LockIndex":0,"Key":"hello","Flags":0,"Value":"Q29uc3VsIGRldm9wcw==","CreateIndex":10968,"ModifyIndex":10978}] • consul-client:~$ curl --request PUT --data '"Fixed string"' 127.0.0.1:8500/v1/kv/hello • true
  • 77. Consul / Service
      ubuntu@app-01:~$ curl http://127.0.0.1:8080/
      <html><body>app-01</body></html>
      ubuntu@app-01:~$ cat /etc/consul.d/app-consul-service.json
      {
        "service": {
          "name": "app",
          "tags": ["app"],
          "port": 8080,
          "check": {
            "http": "http://127.0.0.1:8080/",
            "interval": "10s"
          }
        }
      }
      ubuntu@app-01:~$ sudo service app stop
      app stop/waiting
  • 84. Encrypt?
      sudo tcpdump -i eth1 -X -s0
      22:02:24.448835 IP 192.168.168.65.8301 > 192.168.168.67.8301: UDP, length 30
      0x0000:  4500 003a 389b 4000 4011 3042 c0a8 a841  E..:8.@.@.0B...A
      0x0010:  c0a8 a843 206d 206d 0026 819a 0082 a44e  ...C.m.m.&.....N
      0x0020:  6f64 65ad 636f 6e73 756c 2d63 6c69 656e  ode.consul-clien
      0x0030:  74a5 5365 714e 6fcd 01c4  t.SeqNo...
      22:02:24.449203 IP 192.168.168.67.8301 > 192.168.168.65.8301: UDP, length 152
      0x0000:  4500 00b4 d82e 4000 4011 9034 c0a8 a843  E.....@.@..4...C
      0x0010:  c0a8 a841 206d 206d 00a0 d287 0282 a750  ...A.m.m.......P
      0x0020:  6179 6c6f 6164 da00 8201 84aa 4164 6a75  ayload......Adju
      0x0030:  7374 6d65 6e74 cbbf 2be6 abdc 02b7 30a5  stment..+.....0.
      0x0040:  4572 726f 72cb 3fcc b4d3 0381 9146 a648  Error.?......F.H
      0x0050:  6569 6768 74cb 3f46 cb69 a435 b5ac a356  eight.?F.i.5...V
      0x0060:  6563 98cb bf25 47b2 2716 3153 cb3f 51dd  ec...%G.'.1S.?Q.
      0x0070:  5a8d 91dc 79cb 3f4f fd37 29c9 596a cbbf  Z...y.?O.7).Yj..
      ubuntu@consul-client:~$ consul keygen
      9IlBdlPWteb6b3G4kqql6g==
      ubuntu@consul-client:~$ grep encrypt /etc/consul.d/config.json
      "encrypt": "9IlBdlPWteb6b3G4kqql6g==",
      22:06:56.394382 IP 192.168.168.67.8301 > 192.168.168.66.8301: UDP, length 53
      0x0000:  4500 0051 a9b7 4000 4011 bf0d c0a8 a843  E..Q..@.@......C
      0x0010:  c0a8 a842 206d 206d 003d d225 01b3 e8c9  ...B.m.m.=.%....
      0x0020:  f2c0 e852 6369 0060 3c32 48fa 3e5f 2318  ...Rci.`<2H.>_#.
      0x0030:  e518 b550 3d99 3dc2 4875 ce71 8ae5 fa93  ...P=.=.Hu.q....
      0x0040:  983b 8925 941e dd8e e4c3 e523 b5dd fdbb  .;.%.......#....
      0x0050:  7d  }
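Added example (not from the original slides): a Python check that reads `tcpdump -X` text like the gossip capture on the slide above, strips the IPv4 and UDP headers, and reports whether each packet on port 8301 still exposes readable msgpack field names. The two sample packets are copied from the slide; the function names and the cleartext heuristic (a type byte followed by a msgpack map with an alphabetic key, as in both cleartext packets shown) are assumptions of this example.

```python
import re

# Two packets copied from the slide's capture: the first was taken before
# "encrypt" was set in config.json, the second after.
SLIDE_CAPTURE = r"""
22:02:24.448835 IP 192.168.168.65.8301 > 192.168.168.67.8301: UDP, length 30
    0x0000:  4500 003a 389b 4000 4011 3042 c0a8 a841  E..:8.@.@.0B...A
    0x0010:  c0a8 a843 206d 206d 0026 819a 0082 a44e  ...C.m.m.&.....N
    0x0020:  6f64 65ad 636f 6e73 756c 2d63 6c69 656e  ode.consul-clien
    0x0030:  74a5 5365 714e 6fcd 01c4  t.SeqNo...
22:06:56.394382 IP 192.168.168.67.8301 > 192.168.168.66.8301: UDP, length 53
    0x0000:  4500 0051 a9b7 4000 4011 bf0d c0a8 a843  E..Q..@.@......C
    0x0010:  c0a8 a842 206d 206d 003d d225 01b3 e8c9  ...B.m.m.=.%....
    0x0020:  f2c0 e852 6369 0060 3c32 48fa 3e5f 2318  ...Rci.`<2H.>_#.
    0x0030:  e518 b550 3d99 3dc2 4875 ce71 8ae5 fa93  ...P=.=.Hu.q....
    0x0040:  983b 8925 941e dd8e e4c3 e523 b5dd fdbb  .;.%.......#....
    0x0050:  7d  }
"""

HEADER_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)")
HEX_LINE_RE = re.compile(r"^\s*0x[0-9a-fA-F]{4}:\s+(.*)$")


def parse_tcpdump_x(text):
    """Return one dict per UDP packet found in `tcpdump -X` output."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            current = {"src": m[1], "sport": int(m[2]), "dst": m[3],
                       "dport": int(m[4]), "raw": bytearray()}
            packets.append(current)
            continue
        m = HEX_LINE_RE.match(line)
        if m and current is not None:
            # The hex column ends where the two-space gap before the ASCII column starts.
            hex_col = re.split(r"\s{2,}", m[1].strip(), maxsplit=1)[0]
            current["raw"] += bytes.fromhex(hex_col.replace(" ", ""))
    return packets


def udp_payload(ip_packet):
    """Return the UDP payload of a raw IPv4 packet, or None if it is not UDP."""
    if len(ip_packet) < 28 or ip_packet[0] >> 4 != 4 or ip_packet[9] != 17:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    return bytes(ip_packet[ihl + 8:])        # skip the 8-byte UDP header


def classify(payload):
    """Return ('cleartext', first_key) or ('opaque', None) for a gossip payload."""
    if len(payload) >= 3 and payload[1] & 0xF0 == 0x80 and payload[2] & 0xE0 == 0xA0:
        n = payload[2] & 0x1F                # msgpack fixstr length
        key = payload[3:3 + n]
        if len(key) == n and key.isalpha():
            return "cleartext", key.decode("ascii")
    return "opaque", None


def audit_capture(text, port=8301):
    """Classify every UDP packet to or from the gossip port."""
    results = []
    for pkt in parse_tcpdump_x(text):
        payload = udp_payload(pkt["raw"])
        if payload is None or port not in (pkt["sport"], pkt["dport"]):
            continue
        verdict, key = classify(payload)
        leaked = []
        if verdict == "cleartext":
            # Readable strings an on-path observer gets for free (node names, field names).
            leaked = [s.decode("ascii") for s in re.findall(rb"[A-Za-z0-9_.-]{4,}", payload)]
        results.append({"src": pkt["src"], "dst": pkt["dst"], "payload_len": len(payload),
                        "verdict": verdict, "first_key": key, "leaked": leaked})
    return results


if __name__ == "__main__":
    for r in audit_capture(SLIDE_CAPTURE):
        print(r["src"], "->", r["dst"], r["verdict"], r["leaked"])
```

An "opaque" verdict only means no cleartext marker was found; it is consistent with gossip encryption being active but does not prove it.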
  • 94. TLS?
      curl 127.0.0.1:8500/v1/agent/members
      [{"Name":"consul-client","Addr":"192.168.168.67","Port":8301,"Tags"
      12:52:16.005478 IP localhost.8500 > localhost.59018: Flags [P.], seq 1:1585, ack 95, win 342, options [nop,nop,TS val 14174548 ecr 14174548], length 1584
      0x0000:  4500 0664 77d1 4000 4006 bec0 7f00 0001  E..dw.@.@.......
      0x0010:  7f00 0001 2134 e68a 28ed 3e83 a53d 18ae  ....!4..(.>..=..
      0x0020:  8018 0156 0459 0000 0101 080a 00d8 4954  ...V.Y........IT
      0x0030:  00d8 4954 4854 5450 2f31 2e31 2032 3030  ..ITHTTP/1.1.200
      0x0040:  204f 4b0d 0a43 6f6e 7465 6e74 2d54 7970  .OK..Content-Typ
      0x0050:  653a 2061 7070 6c69 6361 7469 6f6e 2f6a  e:.application/j
      0x0060:  736f 6e0d 0a44 6174 653a 204d 6f6e 2c20  son..Date:.Mon,.
      […]
      0x00b0:  756c 2d63 6c69 656e 7422 2c22 4164 6472  ul-client","Addr
      0x00c0:  223a 2231 3932 2e31 3638 2e31 3638 2e36  ":"192.168.168.6
      0x00d0:  3722 2c22 506f 7274 223a 3833 3031 2c22  7","Port":8301,"
      0x00e0:  5461 6773 223a 7b22 6275 696c 6422 3a22  Tags":{"build":"
      0x00f0:  312e 302e 323a 6235 3530 3539 6622 2c22  1.0.2:b55059f","
      "ca_file": "/etc/consul.d/ssl/ca.cert",
      "cert_file": "/etc/consul.d/ssl/consul.cert",
      "key_file": "/etc/consul.d/ssl/consul.key",
      But in fact:
      - I did not manage to get it working
      - I put an nginx in place in the meantime
  • 112. ACL?
      $ curl 127.0.0.1:8500/v1/kv/hack
      $ curl --request PUT --data '"Not realy a good hacker"' 127.0.0.1:8500/v1/kv/hack
      $ curl 127.0.0.1:8500/v1/kv/hack
      [{"LockIndex":0,"Key":"hack","Flags":0,"Value":"Ik5vdCByZWFseSBhIGdvb2QgaGFja2VyIg==","CreateIndex":8219,"ModifyIndex":8219}]
      $ curl --request DELETE 127.0.0.1:8500/v1/kv/hack
      true
      $ uuidgen
      d64c69dd-4c17-44f1-a5d8-48fac021d157
      $ grep acl /etc/consul.d/config.json
      "acl_enforce_version_8": true,
      "acl_datacenter": "dc1",
      "acl_master_token": "d64c69dd-4c17-44f1-a5d8-48fac021d157",
      "acl_default_policy": "deny",
      "acl_down_policy": "deny",
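Added example (not part of the original slides): a Python audit of a Consul agent configuration for the three protections the deck walks through: gossip `encrypt`, TLS, and ACLs. It goes slightly beyond the slides by also checking `verify_incoming`, `verify_outgoing` and `ports.https`, which are Consul 1.0.x configuration keys that do not appear on the slides; the sample configs, the placeholder key and token, the finding names and the function names are constructed for this example.

```python
import base64
import binascii

# Constructed placeholder (16 zero bytes); generate a real key with `consul keygen`.
PLACEHOLDER_KEY = base64.b64encode(bytes(16)).decode()

# The server settings shown on the "Consul / server" slide.
SLIDE_SERVER = {
    "server": True, "datacenter": "zombiland", "domain": "zombiland-dev",
    "data_dir": "/var/lib/consul",
    "start_join": ["10.0.0.1", "10.0.0.2", "10.0.0.3"], "ui": True,
}

# The same config plus only the security keys visible on the later slides.
SLIDE_SECURED = dict(
    SLIDE_SERVER,
    encrypt=PLACEHOLDER_KEY,
    ca_file="/etc/consul.d/ssl/ca.cert",
    cert_file="/etc/consul.d/ssl/consul.cert",
    key_file="/etc/consul.d/ssl/consul.key",
    acl_enforce_version_8=True, acl_datacenter="dc1",
    acl_master_token="<master-token>",       # placeholder, not a real token
    acl_default_policy="deny", acl_down_policy="deny",
)

# Assumption of this example: TLS is additionally enforced and HTTPS enabled.
ENFORCED = dict(SLIDE_SECURED, verify_incoming=True, verify_outgoing=True,
                ports={"https": 8501})


def _gossip_key_ok(value):
    """True if the value is base64 for a 16-, 24- or 32-byte key."""
    try:
        return len(base64.b64decode(value, validate=True)) in (16, 24, 32)
    except (binascii.Error, ValueError, TypeError):
        return False


def audit_consul_config(cfg):
    """Return a list of finding names for a parsed agent config (a dict)."""
    findings = []

    # Gossip (Serf, UDP/TCP 8301): cleartext unless "encrypt" is set.
    key = cfg.get("encrypt")
    if not key:
        findings.append("gossip-cleartext")
    elif not _gossip_key_ok(key):
        findings.append("gossip-key-invalid")

    # TLS: certificate paths alone do not make the agent require TLS.
    if not all(cfg.get(k) for k in ("ca_file", "cert_file", "key_file")):
        findings.append("tls-not-configured")
    elif not (cfg.get("verify_incoming") and cfg.get("verify_outgoing")):
        findings.append("tls-not-enforced")

    # HTTP API: the HTTPS listener is off (-1) unless ports.https is set.
    if cfg.get("ports", {}).get("https", -1) <= 0:
        findings.append("http-api-cleartext")

    # ACLs (1.0.x style): enabled by acl_datacenter, open unless default is "deny".
    if not cfg.get("acl_datacenter"):
        findings.append("acl-disabled")
    else:
        if cfg.get("acl_default_policy", "allow") != "deny":
            findings.append("acl-default-allow")
        if cfg.get("acl_down_policy", "extend-cache") == "allow":
            findings.append("acl-down-allow")
    return findings


if __name__ == "__main__":
    for name, cfg in (("slide server", SLIDE_SERVER),
                      ("slide secured", SLIDE_SECURED),
                      ("enforced", ENFORCED)):
        print(name, audit_consul_config(cfg))
```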
  • 118. ACL 1/4 • Master • Client / policy • Permission allow/deny • What (agent, service, keys, …) • Anonymous
  • 125. ACL 2/4 • Feb 12 17:19:29 consul-01 consul[18761]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:36107 • Feb 12 17:19:33 consul-01 consul[18761]: agent: Coordinate update blocked by ACLs • ubuntu@consul-client:~$ consul members • “” • ubuntu@consul-client:~$ consul info • Error querying agent: Unexpected response code: 403 (Permission denied)
  • 138. ACL 4/4
    ubuntu@consul-01:~$ grep -E 'acl.*token' /etc/consul.d/config.json
    "acl_agent_token": "a61a066a-7986-91c3-c178-a2458c3aae22",
    "acl_master_token": "d64c69dd-4c17-44f1-a5d8-48fac021d157",
    ubuntu@consul-client:~$ consul members
    ubuntu@consul-client:~$ consul info
    Feb 12 17:30:01 consul-client consul[21685]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:60029
    Error querying agent: Unexpected response code: 403 (Permission denied)
    export CONSUL_HTTP_TOKEN=a61a066a-7986-91c3-c178-a2458c3aae22
    ubuntu@consul-01:~$ consul members
    Node           Address              Status  Type    Build  Protocol  DC   Segment
    consul-01      192.168.168.65:8301  alive   server  1.0.6  2         dc1  <all>
    consul-02      192.168.168.66:8301  alive   server  1.0.6  2         dc1  <all>
    consul-03      192.168.168.64:8301  alive   server  1.0.6  2         dc1  <all>
    consul-client  192.168.168.67:8301  alive   client  1.0.6  2         dc1  <default>
    ubuntu@consul-01:~$ consul info
    Feb 12 17:43:45 consul-01 consul[19544]: http: Request GET /v1/agent/self, error: Permission denied from=127.0.0.1:36231
    Error querying agent: Unexpected response code: 403 (Permission denied)
    ubuntu@consul-01:~$ export CONSUL_HTTP_TOKEN=d64c69dd-4c17-44f1-a5d8-48fac021d157
    ubuntu@consul-01:~$ consul info
    agent:
        check_monitors = 0
        check_ttls = 0
        checks = 0
        services = 0
    build:
  • 142. App / haproxy
    global
        user haproxy
        daemon
    defaults
        mode http
        stats uri /ha_stats
        stats auth demo:pass
    frontend front
        bind *:80
        mode http
        default_backend app
    backend app
        mode http
        server app-01 192.168.168.69:8080 check inter 1s
  • 151. Consul-template
    ubuntu@haproxy:~$ tail -n5 /etc/haproxy/haproxy.cfg.ctmpl
    backend app
        mode http
    {{- range service "app" }}
        server {{ .Node }} {{ .Address }}:{{ .Port }} check inter 1s
    {{- end }}
    ubuntu@haproxy:~$ consul-template -template=/etc/haproxy/haproxy.cfg.ctmpl:out -dry -once | tail -n 4
    backend app
        mode http
        server app-01 192.168.168.69:8080 check inter 1s
    ubuntu@haproxy:~$ tail -n3 /etc/init/consul-template.conf
    exec /usr/local/bin/consul-template -template "/etc/haproxy/haproxy.cfg.ctmpl:/etc/haproxy/haproxy.cfg:service haproxy reload"
    end script
  • 158. Conclusion
    • I like systemd
    • I don't like upstart (even less since I made these slides)
    • I like systemd even more
    • Consul makes elasticity simpler
    • But can potentially add problems
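
Added example, not part of the original slides: a Python check of the legacy (Consul 1.0.x) ACL keys shown on the ACL slides, run against three constructed agent configs (no ACLs, ACLs without an agent token, and the final state). The finding codes, the function name and the placeholder tokens are assumptions made for this illustration.

```python
import json

def audit_acl_config(cfg):
    """Return (code, message) findings for a parsed Consul 1.0.x agent config."""
    if not cfg.get("acl_datacenter"):
        # Without acl_datacenter the legacy ACL system is off: the
        # unauthenticated KV PUT/DELETE from the "ACL ?" slide succeeds.
        return [("ACL_DISABLED", "acl_datacenter unset: anonymous KV writes succeed")]
    findings = []
    # Consul falls back to "allow" when acl_default_policy is absent.
    if cfg.get("acl_default_policy", "allow") != "deny":
        findings.append(("DEFAULT_ALLOW", "requests with no matching rule are allowed"))
    # Default is "extend-cache"; "allow" fails open when ACL servers are unreachable.
    if cfg.get("acl_down_policy", "extend-cache") == "allow":
        findings.append(("DOWN_ALLOW", "ACL outage grants access to everyone"))
    if cfg.get("acl_enforce_version_8") is False:
        findings.append(("V8_NOT_ENFORCED", "agent and node rules are not enforced"))
    master = cfg.get("acl_master_token")
    # acl_agent_token falls back to acl_token when unset.
    agent = cfg.get("acl_agent_token") or cfg.get("acl_token")
    if not agent:
        # Matches the slide log: "Coordinate update blocked by ACLs".
        findings.append(("NO_AGENT_TOKEN", "agent's own operations run as anonymous"))
    elif agent == master:
        findings.append(("AGENT_IS_MASTER", "agent runs with the master token"))
    return findings

# Constructed sample configs; token values are placeholders, not real secrets.
BEFORE = json.loads('{"datacenter": "dc1", "server": true}')
PARTIAL = json.loads("""{
  "acl_enforce_version_8": true,
  "acl_datacenter": "dc1",
  "acl_master_token": "00000000-0000-0000-0000-00000000000a",
  "acl_default_policy": "deny",
  "acl_down_policy": "deny"
}""")
HARDENED = dict(PARTIAL, acl_agent_token="00000000-0000-0000-0000-00000000000b")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("partial", PARTIAL), ("hardened", HARDENED)):
        codes = [code for code, _ in audit_acl_config(cfg)]
        print(name, codes or "no findings")
```

The PARTIAL case corresponds to the state on the ACL 2/4 slide, where the agent itself is denied until a token is configured for it.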