-
Notifications
You must be signed in to change notification settings - Fork 22
/
hazelcast-consul-discovery-spi-example.xml
279 lines (190 loc) · 18.2 KB
/
hazelcast-consul-discovery-spi-example.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
<?xml version="1.0" encoding="UTF-8"?>
<hazelcast id="hazelcast-consul-discovery"
xsi:schemaLocation="http://www.hazelcast.com/schema/config hazelcast-config-4.0.xsd"
xmlns="http://www.hazelcast.com/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<cluster-name>hazelcast-consul-discovery-spi</cluster-name>
<properties>
<property name="hazelcast.discovery.enabled">true</property>
<property name="hazelcast.shutdownhook.enabled">false</property>
</properties>
<network>
<port auto-increment="true">5701</port>
<join>
<multicast enabled="false"/>
<aws enabled="false"/>
<tcp-ip enabled="false" />
<!-- Enable a Consul based discovery strategy -->
<discovery-strategies>
<discovery-strategy enabled="true"
class="org.bitsofinfo.hazelcast.discovery.consul.ConsulDiscoveryStrategy">
<properties>
<!-- hostname or IP of the consul server -->
<property name="consul-host">localhost</property>
<!-- port of the consul server -->
<property name="consul-port">8500</property>
<!--
Name of the Consul service that will be used to discover peer hazelcast services in Consul
IF a ConsulRegistrator is configured below: this node will be registered under this same service
name. This name should be UNIQUE to your hazelcast cluster! (i.e. like your group name above..)
-->
<property name="consul-service-name">hz-discovery-test-cluster</property>
<!--
When discovering peer nodes, only return those that are healthy (true)
If false, all nodes, regardless of health (from Consul's perspective) will be returned
This DOES NOT apply to the first call to discoverNodes() but only subsequent calls (if any)
to account for any Consul service health-check you have, who's interval might be longer than
the period of time which the service is registered and the first health check runs.
-->
<property name="consul-healthy-only">true</property>
<!--
Comma separated list of Consul service tags that will be used when registering services
in Consul who are part of the same cluster and will be discovered and treated as peer
members of the hazelcast cluster.
-->
<property name="consul-service-tags">hazelcast,test1</property>
<!--
If you quickly start an entire hz cluster at the exact same time, and
all hazelcast services are registered with Consul at the same time, its
possible they may all discover ONLY themselves as members, leading to a cluster
that can never be fully discovered. This small delay can assist with avoiding
that problem. @see https://github.com/hazelcast/hazelcast/issues/6813
-->
<property name="consul-discovery-delay-ms">10000</property>
<!--
An optional Access Control List (ACL) token that can be used to control access to data and API.
this is passed as query parameter (token) when using Consul clients. You can use the uuidgen to
pre-generate the UUID on any *nix machines and create the ACL by providing that in the ID field of
the json body of the ACL create request. If you don't provide an ID, then a random generated UUID will
be returned in the response, which you can use here.
@see https://www.consul.io/docs/agent/http/acl.html#acl_create
You would also need a acl_master_token setup on your server configuration json, or create a management token
using the acl/create API above using "type":"management" in the body of the json to get a new acl_master_token
UUID.
Once you have the acl_master_token, you can create a client token using the following curl command for example,
that creates an acl_token of type: client that gives read and write permission to all services:
curl -X PUT -d @client_acl.json "http://localhost:8500/v1/acl/create?token=D4289F4C-19C1-4A9B-AC7A-A46D9CFA78BF&pretty=true";echo
You can find the client_acl.json under docs/sample_data folder
-->
<property name="consul-acl-token">23f4e655-5ff2-89f8-497a-bbc73a4e6e47</property>
<!--
If you want to enable TLS, you can set this option to "true". If you enable TLS,
then the "consul-port" property above needs to be set to the correct https port
that is configured on the Consul server.
OPTIONALLY: In addition, either "consul-ssl-server-cert-file-path" or "consul-ssl-server-cert-base64"
properties below would have to be provided if TLS is enabled and your consul server(s) present
a self-signed non-JRE trusted certificate.
-->
<property name="consul-ssl-enabled">false</property>
<!--
OPTIONAL: only necessary if your consul server presents a self-signed certificate
Path to a self signed CA cert file that will be used if TLS is enabled. You need to
provide the full path to the certificate file. You can alternatively provide the
"consul-ssl-server-cert-base64" property below.
-->
<property name="consul-ssl-server-cert-file-path">/path/to/ca.cert</property>
<!--
OPTIONAL: only necessary if your consul server presents a self-signed certificate
A base64 encoded CA cert string that can be used for TLS connection. You can alternatively
provide the "consul-ssl-server-cert-file-path" property above.
-->
<property name="consul-ssl-server-cert-base64"></property>
<!--
If this set to false, it will override the hostnameVerifier to be used by the client to verify
the endpoint's hostname against it's identification information and always mark it as verified.
You can set this to true, to use the default hostnameVerifier that will strict match the endpoint's
hostname against the client identification.
-->
<property name="consul-ssl-server-hostname-verify">false</property>
<!--
ConsulRegistrator:
This (optionally) enables the DiscoveryStrategy to register this hazelcast instance as a service with Consul
directly and deregister it on shutdown.
LocalDiscoveryNodeRegistrator: Uses the private/public IP:PORT determined by this Hazelcast instance
(and tags above) as the identifiers for registering itself with Consul
as a unique service.
ExplicitIpPortRegistrator: Uses an explicit IP:PORT specified by you in the 'consul-registrator-config' below
(and tags above) as the identifiers for registering itself with Consul
as a unique service.
DoNothingRegistrator: Does NOTHING in regards to registration or deregistration of this node as a service
with Consul. This should be used if you are running a local Consul agent yourself and
managing the registration of this Hazelcast node manually via standard Consul configs
on the agent.
-->
<property name="consul-registrator">org.bitsofinfo.hazelcast.discovery.consul.LocalDiscoveryNodeRegistrator</property>
<!-- Custom properties for the ConsulRegistrator class you are using, JSON. @see ConsulRegistrator implementation
class for details on the configuration unique to it.
The configuration below is for LocalDiscoveryNodeRegistrator:
- preferPublicAddress (true|false) : use the public IP determined by
hazelcast (if not null) over the private IP
- healthCheckProvider: the type of health check to use (script, http or tcp).
It defaults to "org.bitsofinfo.hazelcast.discovery.consul.ScriptHealthCheckBuilder" if
this property is not provided.
Properties consumed by: org.bitsofinfo.hazelcast.discovery.consul.ScriptHealthCheckBuilder
- healthCheckScript: can be anything you want Consul to do to determine health.
Variables #MYIP/#MYPORT will be replaced with this node's IP/PORT
@see https://www.consul.io/docs/agent/checks.html
- healthCheckScriptIntervalSeconds: self explanatory
Properties consumed by: org.bitsofinfo.hazelcast.discovery.consul.HttpHealthCheckBuilder
- healthCheckHttp: valid hostname and port to use for health check. You can provide optional
path to a specific script. Variables #MYIP/#MYPORT will be replaced with
this node's IP/PORT
- healthCheckHttpIntervalSeconds: self explanatory
Properties consumed by: org.bitsofinfo.hazelcast.discovery.consul.TcpHealthCheckBuilder
- healthCheckTcp: valid IP and port to use for health check.
Variables #MYIP/#MYPORT will be replaced with this node's IP/PORT
- healthCheckTcpIntervalSeconds: self explanatory
-->
<property name="consul-registrator-config"><![CDATA[
{
"preferPublicAddress":false,
"healthCheckProvider":"org.bitsofinfo.hazelcast.discovery.consul.ScriptHealthCheckBuilder",
"healthCheckScript":"nc -z #MYIP #MYPORT",
"healthCheckScriptIntervalSeconds":30,
"healthCheckHttp":"http://some.endpoint.on.this.app:80",
"healthCheckHttpIntervalSeconds":30,
"healthCheckTcp":"ip:port",
"healthCheckTcpIntervalSeconds":30
}
]]></property>
<!-- The configuration below is for ExplicitIpPortRegistrator:
- registerWithIpAddress: register with this IP in Consul
- registerWithPort: register with this PORT in Consul
- healthCheckProvider: the type of health check to use (script or http).
It defaults to "org.bitsofinfo.hazelcast.discovery.consul.ScriptHealthCheckBuilder" if
this property is not provided.
Properties consumed by: org.bitsofinfo.hazelcast.discovery.consul.ScriptHealthCheckBuilder
- healthCheckScript: can be anything you want Consul to do to determine health.
Variables #MYIP/#MYPORT will be replaced with this node's IP/PORT
@see https://www.consul.io/docs/agent/checks.html
- healthCheckScriptIntervalSeconds: self explanatory
Properties consumed by: org.bitsofinfo.hazelcast.discovery.consul.HttpHealthCheckBuilder
- healthCheckHttp: valid hostname and port to use for health check. You can provide optional
path to a specific script. Variables #MYIP/#MYPORT will be replaced with
this node's IP/PORT (port being hazelcast port, but you likely would not
want to use that for an http check)
- healthCheckHttpIntervalSeconds: self explanatory
Properties consumed by: org.bitsofinfo.hazelcast.discovery.consul.TcpHealthCheckBuilder
- healthCheckTcp: valid IP and port to use for health check. Variables #MYIP/#MYPORT will be replaced with
this node's IP/PORT (port being hazelcast port)
- healthCheckTcpIntervalSeconds: self explanatory
<property name="consul-registrator-config"><![CDATA[
{
"registerWithIpAddress":"192.168.1.102",
"registerWithPort":5701,
"healthCheckProvider":"org.bitsofinfo.hazelcast.discovery.consul.HttpHealthCheckBuilder",
"healthCheckScript":"nc -z #MYIP #MYPORT",
"healthCheckScriptIntervalSeconds":30,
"healthCheckHttp":"http://#MYIP:80",
"healthCheckHttpIntervalSeconds":30,
"healthCheckTcp":"#MYIP:#MYPORT",
"healthCheckTcpIntervalSeconds":30
}
]]></property>
-->
</properties>
</discovery-strategy>
</discovery-strategies>
</join>
</network>
</hazelcast>