0
我已在AWS EC2上安裝consul,有3個服務器和1個客戶端。用於遠程訪問領事的DNS配置
服務器IP = 11.XX.XX.1,11.XX.XX.2,11.XX.XX.3。 客戶端IP = 11.XX.XX.4
consul配置:/etc/consul.d/server/config.json
{
"bootstrap": false,
"server": true,
"datacenter": "abc",
"advertise_addr": "11.XX.XX.1",
"data_dir": "/var/consul",
"log_level": "INFO",
"enable_syslog": true,
"addresses": {
"http": "0.0.0.0"
},
"start_join": ["11.XX.XX.2", "11.XX.XX.3"]
}
netstat輸出上服務器:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8400 0.0.0.0:* LISTEN 29720/consul
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1006/sshd
tcp 0 0 127.0.0.1:8600 0.0.0.0:* LISTEN 29720/consul
tcp6 0 0 :::8301 :::* LISTEN 29720/consul
tcp6 0 0 :::8302 :::* LISTEN 29720/consul
tcp6 0 0 :::8500 :::* LISTEN 29720/consul
tcp6 0 0 :::22 :::* LISTEN 1006/sshd
tcp6 0 0 :::8300 :::* LISTEN 29720/consul
curl從遠程機器正常工作,但只能在本地機器上工作。
; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> @127.0.0.1 -p 8600 web.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40873
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;web.service.consul. IN A
;; ANSWER SECTION:
web.service.consul. 0 IN A 11.XX.XX.4
;; Query time: 0 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Fri Dec 30 08:21:41 UTC 2016
;; MSG SIZE rcvd: 52
但不是從遠程計算機工作:
dig @11.XX.XX.1 -p 8600 web.service.consul
; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> @11.XX.XX.1 -p 8600 web.service.consul
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
-----------------------------
如何使它工作?
當你說暴露所有接口上的DNS,這是什麼意思? –
我想在AWS覆蓋它時問題與resolv.conf有關。 –
環回接口上的所有內容僅適用於正在運行的機器。默認情況下,Consul DNS只在回送設備上進行偵聽。這就是爲什麼你不能從另一個實例挖掘DNS的原因。在所有接口上公開DNS會告知Consul應用程序偵聽所有接口上的入站DNS請求(不僅限於受限制的回送設備)。這允許其他實例使用普通IP與此實例進行通信。當然這排除了兩個實例之間的任何防火牆或連接問題。 – thun