confd安装官方文档
confd quick-start-guide
etcd的安装参照centos6安装etcd集群
此处我们使用centos+etcd来提供etcd配置中心服务,然后使用centos+confd来作为客户端,另外etcd上采取ssl认证
wget https://github.com/kelseyhightower/confd/releases/download/v0.12.0/confd-0.12.0-linux-amd64
mv confd-0.12.0-linux-amd64 /usr/local/bin/confd
export PATH=$PATH:/usr/local/bin
mkdir -p /etc/confd/{conf.d,templates}
vim /etc/confd/conf.d/myapp-nginx.toml
*************************************
[template]
prefix = "/myapp"
src = "nginx.conf.tmpl"
dest = "/tmp/myapp.conf"
owner = "nginx"
mode = "0644"
keys = [
"/subdomain",
"/upstream",
]
check_cmd = "/usr/sbin/nginx -t -c \{\{.src}}"
reload_cmd = "/usr/sbin/service nginx reload"
*************************************
vim /etc/confd/templates/nginx.conf.tmpl
*************************************
upstream \{\{getv "/subdomain"}} {
\{\{range getvs "/upstream/*"}}
server \{\{.}};
\{\{end}}
}
server {
server_name \{\{getv "/subdomain"}}.example.com;
location / {
proxy_pass http://\{\{getv "/subdomain"}};
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
*************************************
转义符是因为flask使用的jinja模板问题,必须要转义,实际不需要转义符,实际环境中记得一定要去掉两个转义符
./etcdctl --ca-file ./ca.pem --cert-file ./client.pem --key-file ./client-key.pem --endpoint https://69.172.86.20:2379 set /myapp/subdomain myapp
./etcdctl --ca-file ./ca.pem --cert-file ./client.pem --key-file ./client-key.pem --endpoint https://69.172.86.20:2379 set /myapp/upstream/app1 192.168.0.1:80
./etcdctl --ca-file ./ca.pem --cert-file ./client.pem --key-file ./client-key.pem --endpoint https://69.172.86.20:2379 set /myapp/upstream/app2 192.168.0.2:80
这里特别需要注意的是,目前官方分支的confd不支持etcd api v3,所以我们需要使用v2的api来储存值,否则confd目前(<=0.12.0)是无法使用的。
如果不采用认证的话,不需要指定各种认证文件
confd有两种生成配置文件的方式,一种是使用daemon,一种是手动一次性获取,这里为了演示我们使用手动一次性获取方式
confd -onetime -backend etcd -client-ca-keys ./ca.pem -client-cert ./client.pem -client-key ./client-key.pem -node https://69.172.86.20:2379
cat /tmp/myapp.conf
upstream myapp {
server 192.168.0.1:80;
server 192.168.0.2:80;
}
server {
server_name myapp.example.com;
location / {
proxy_pass http://myapp;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
如果etcd没配置认证的话,可以去掉所有认证文件选项,另外-backend默认是etcd,也可以省略。
想要持续后台运行,可执行
confd -interval 10取代confd -onetime