添加Consul变量和存储配置功能

- 添加Consul变量和存储配置指南文档 - 创建Consul变量配置示例脚本 - 创建Consul备份脚本 - 添加Consul完整配置文件 - 完善Vault集群初始化和开发环境配置脚本 - 添加Vault安全策略文档这些配置将增强Consul集群的功能性，提供灵活的配置管理和数据持久化能力。
2025-09-30 04:57:44 +00:00
parent e8bfc76038
commit 7ea230b072
12 changed files with 1699 additions and 3 deletions
--- a/components/consul/configs/consul.hcl
+++ b/components/consul/configs/consul.hcl
@@ -0,0 +1,88 @@
+# Consul配置文件
+# 此文件包含Consul的完整配置，包括变量和存储相关设置
+
+# 基础配置
+data_dir = "/opt/consul/data"
+raft_dir = "/opt/consul/raft"
+
+# 启用UI
+ui_config {
+  enabled = true
+}
+
+# 数据中心配置
+datacenter = "dc1"
+
+# 服务器配置
+server = true
+bootstrap_expect = 3
+
+# 网络配置
+client_addr = "0.0.0.0"
+bind_addr = "{{ GetInterfaceIP `eth0` }}"
+advertise_addr = "{{ GetInterfaceIP `eth0` }}"
+
+# 端口配置
+ports {
+  dns = 8600
+  http = 8500
+  https = -1
+  grpc = 8502
+  grpc_tls = 8503
+  serf_lan = 8301
+  serf_wan = 8302
+  server = 8300
+}
+
+# 集群连接
+retry_join = ["100.117.106.136", "100.116.80.94", "100.122.197.112"]
+
+# 服务发现
+enable_service_script = true
+enable_script_checks = true
+enable_local_script_checks = true
+
+# 性能调优
+performance {
+  raft_multiplier = 1
+}
+
+# 日志配置
+log_level = "INFO"
+enable_syslog = false
+log_file = "/var/log/consul/consul.log"
+
+# 安全配置
+encrypt = "YourEncryptionKeyHere"
+
+# 连接配置
+reconnect_timeout = "30s"
+reconnect_timeout_wan = "30s"
+session_ttl_min = "10s"
+
+# Autopilot配置
+autopilot {
+  cleanup_dead_servers = true
+  last_contact_threshold = "200ms"
+  max_trailing_logs = 250
+  server_stabilization_time = "10s"
+  redundancy_zone_tag = ""
+  disable_upgrade_migration = false
+  upgrade_version_tag = ""
+}
+
+# 快照配置
+snapshot {
+  enabled = true
+  interval = "24h"
+  retain = 30
+  name = "consul-snapshot-{{.Timestamp}}"
+}
+
+# 备份配置
+backup {
+  enabled = true
+  interval = "6h"
+  retain = 7
+  name = "consul-backup-{{.Timestamp}}"
+}
--- a/components/vault/jobs/vault-cluster-exec.nomad
+++ b/components/vault/jobs/vault-cluster-exec.nomad
@@ -33,7 +33,7 @@ job "vault-cluster-exec" {
      template {
        data = <<EOH
 storage "consul" {
-  address = "127.0.0.1:8500"
+  address = "100.117.106.136:8500"
  path    = "vault/"
 }

@@ -106,7 +106,7 @@ EOH
      template {
        data = <<EOH
 storage "consul" {
-  address = "127.0.0.1:8500"
+  address = "100.116.80.94:8500"
  path    = "vault/"
 }

@@ -179,7 +179,7 @@ EOH
      template {
        data = <<EOH
 storage "consul" {
-  address = "127.0.0.1:8500"
+  address = "100.122.197.112:8500"
  path    = "vault/"
 }