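The role of ZooKeeper in a Kafka cluster
In early versions, Kafka relied on ZooKeeper to store topic, consumer group, offset and other information.
In Kafka 0.9+, storing offsets in the ZooKeeper cluster was deprecated to reduce the load on ZooKeeper; the data is stored in the built-in topic "__consumer_offsets" instead.
In Kafka 2.0+, support for storing offsets in ZooKeeper was removed.
In Kafka 2.8+, coordinating and managing metadata through a ZooKeeper cluster was deprecated in favor of Kafka's own built-in management.
Kafka 3.9.0 still supports storing metadata in ZooKeeper.
In production, it is still recommended to store the data in a ZooKeeper cluster; running Kafka on its own without ZooKeeper is not recommended.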
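Nacos standalone deployment in practice
- 1. Nacos overview
Nacos /nɑ:kəʊs/ is an acronym of Dynamic Naming and Configuration Service, a platform for dynamic service discovery, configuration management and service management that makes it easier to build cloud-native applications.
Nacos is dedicated to helping you discover, configure and manage microservices. It provides a simple, easy-to-use feature set that helps you quickly implement dynamic service discovery, service configuration, service metadata and traffic management.
Nacos helps you build, deliver and manage microservice platforms more quickly and easily. Nacos is the service infrastructure for building modern, **"service"**-centric application architectures (for example the microservice paradigm and the cloud-native paradigm).
Nacos supports discovery, configuration and management of almost all mainstream types of **"service"**: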
- Kubernetes Service
- gRPC
- Dubbo RPC Service
- Spring Cloud RESTful Service
Nacos official website:
https://nacos.io/
Nacos GitHub repository:
https://github.com/alibaba/nacos
- 2. Download Nacos
wget https://github.com/alibaba/nacos/releases/download/2.5.1/nacos-server-2.5.1.tar.gz
- 3. Extract Nacos
[root@elk91 ~]# tar xf nacos-server-2.5.1.tar.gz -C /usr/local/
[root@elk91 ~]#
[root@elk91 ~]# apt -y install tree
[root@elk91 ~]#
[root@elk91 ~]# tree /usr/local/nacos/
/usr/local/nacos/
├── bin
│ ├── shutdown.cmd
│ ├── shutdown.sh
│ ├── startup.cmd
│ └── startup.sh
├── conf
│ ├── 1.4.0-ipv6_support-update.sql
│ ├── announcement_en-US.conf
│ ├── announcement_zh-CN.conf
│ ├── application.properties
│ ├── application.properties.example
│ ├── cluster.conf.example
│ ├── console-guide.conf
│ ├── derby-schema.sql
│ ├── mysql-schema.sql
│ └── nacos-logback.xml
├── LICENSE
├── NOTICE
└── target
└── nacos-server.jar
3 directories, 17 files
[root@elk91 ~]#
- 4. Start Nacos in standalone mode
[root@elk91 ~]# /usr/local/nacos/bin/startup.sh -m standalone
/usr/share/elasticsearch/jdk/bin/java -Xms512m -Xmx512m -Xmn256m -Dnacos.standalone=true -Dnacos.member.list= -Xlog:gc*:file=/usr/local/nacos/logs/nacos_gc.log:time,tags:filecount=10,filesize=100m -Dloader.path=/usr/local/nacos/plugins,/usr/local/nacos/plugins/health,/usr/local/nacos/plugins/cmdb,/usr/local/nacos/plugins/selector -Dnacos.home=/usr/local/nacos -jar /usr/local/nacos/target/nacos-server.jar --spring.config.additional-location=file:/usr/local/nacos/conf/ --logging.config=/usr/local/nacos/conf/nacos-logback.xml --server.max-http-header-size=524288
nacos is starting with standalone
nacos is starting. you can check the /usr/local/nacos/logs/start.out
[root@elk91 ~]#
[root@elk91 ~]# tail -100f /usr/local/nacos/logs/start.out
/usr/share/elasticsearch/jdk/bin/java -Xms512m -Xmx512m -Xmn256m -Dnacos.standalone=true -Dnacos.member.list= -Xlog:gc*:file=/usr/local/nacos/logs/nacos_gc.log:time,tags:filecount=10,filesize=100m -Dloader.path=/usr/local/nacos/plugins,/usr/local/nacos/plugins/health,/usr/local/nacos/plugins/cmdb,/usr/local/nacos/plugins/selector -Dnacos.home=/usr/local/nacos -jar /usr/local/nacos/target/nacos-server.jar --spring.config.additional-location=file:/usr/local/nacos/conf/ --logging.config=/usr/local/nacos/conf/nacos-logback.xml --server.max-http-header-size=524288
,--.
,--.'|
,--,: : | Nacos 2.5.1
,`--.'`| ' : ,---. Running in stand alone mode, All function modules
| : : | | ' ,'\ .--.--. Port: 8848
: | \ | : ,--.--. ,---. / / | / / ' Pid: 58224
| : ' '; | / \ / \. ; ,. :| : /`./ Console: http://10.0.0.91:8848/nacos/index.html
' ' ;. ;.--. .-. | / / '' | |: :| : ;_
| | | \ | \__\/: . .. ' / ' | .; : \ \ `. https://nacos.io
' : | ; .' ," .--.; |' ; :__| : | `----. \
| | '`--' / / ,. |' | '.'|\ \ / / /`--' /
' : | ; : .' \ : : `----' '--'. /
; |.' | , .-./\ \ / `--'---'
'---' `--`---' `----'
2025-03-18 09:40:05,502 INFO Tomcat initialized with port(s): 8848 (http)
...
[root@elk91 ~]# ss -ntl | grep 8848
LISTEN 0 100 *:8848 *:*
[root@elk91 ~]#
- 5. Access the Nacos WebUI
http://10.0.0.91:8848/nacos/
Service registration and service discovery with Nacos
- 1. Register nodes
[root@elk93 ~]# curl -s -X POST 'http://10.0.0.91:8848/nacos/v1/ns/instance?serviceName=elasticstack&ip=10.0.0.91&port=9200' ;echo
ok
[root@elk93 ~]#
[root@elk93 ~]# curl -s -X POST 'http://10.0.0.91:8848/nacos/v1/ns/instance?serviceName=elasticstack&ip=10.0.0.92&port=9200' ;echo
ok
[root@elk93 ~]#
[root@elk93 ~]# curl -s -X POST 'http://10.0.0.91:8848/nacos/v1/ns/instance?serviceName=elasticstack&ip=10.0.0.93&port=9200' ;echo
ok
[root@elk93 ~]#
- 2. Service discovery
[root@elk93 ~]# curl -X GET -s 'http://10.0.0.91:8848/nacos/v1/ns/instance/list?serviceName=elasticstack' | jq
{
"name": "DEFAULT_GROUP@@elasticstack",
"groupName": "DEFAULT_GROUP",
"clusters": "",
"cacheMillis": 10000,
"hosts": [
{
"instanceId": "10.0.0.92#9200#DEFAULT#DEFAULT_GROUP@@elasticstack",
"ip": "10.0.0.92",
"port": 9200,
"weight": 1,
"healthy": true,
"enabled": true,
"ephemeral": true,
"clusterName": "DEFAULT",
"serviceName": "DEFAULT_GROUP@@elasticstack",
"metadata": {},
"instanceHeartBeatInterval": 5000,
"instanceHeartBeatTimeOut": 15000,
"ipDeleteTimeout": 30000,
"instanceIdGenerator": "simple"
},
{
"instanceId": "10.0.0.93#9200#DEFAULT#DEFAULT_GROUP@@elasticstack",
"ip": "10.0.0.93",
"port": 9200,
"weight": 1,
"healthy": true,
"enabled": true,
"ephemeral": true,
"clusterName": "DEFAULT",
"serviceName": "DEFAULT_GROUP@@elasticstack",
"metadata": {},
"instanceHeartBeatInterval": 5000,
"instanceHeartBeatTimeOut": 15000,
"ipDeleteTimeout": 30000,
"instanceIdGenerator": "simple"
},
{
"instanceId": "10.0.0.91#9200#DEFAULT#DEFAULT_GROUP@@elasticstack",
"ip": "10.0.0.91",
"port": 9200,
"weight": 1,
"healthy": true,
"enabled": true,
"ephemeral": true,
"clusterName": "DEFAULT",
"serviceName": "DEFAULT_GROUP@@elasticstack",
"metadata": {},
"instanceHeartBeatInterval": 5000,
"instanceHeartBeatTimeOut": 15000,
"ipDeleteTimeout": 30000,
"instanceIdGenerator": "simple"
}
],
"lastRefTime": 1742264229641,
"checksum": "",
"allIPs": false,
"reachProtectionThreshold": false,
"valid": true
}
[root@elk93 ~]#
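Added example (not part of the original notes): the registration calls above were accepted without credentials, so the discovery result is worth comparing against the instances you expect. The sketch parses the `instanceId` fields of an instance-list response with grep and sed (no jq needed); the function names, the allowlist and the sample response, including its 10.0.0.200 entry, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag discovered instances that are not on an expected allowlist.

# instance_endpoints FILE: print "ip:port" for each host in an instance/list response.
# Relies on the instanceId layout shown above: ip#port#cluster#group@@service.
instance_endpoints() {
  grep -o '"instanceId": *"[^"]*"' "$1" |
    sed -E 's/^"instanceId": *"([^#"]+)#([0-9]+)#.*$/\1:\2/' | sort -u
}

# unexpected_instances FILE ALLOWED...: print endpoints missing from ALLOWED.
unexpected_instances() {
  local file="$1" ep a known
  shift
  for ep in $(instance_endpoints "$file"); do
    known=no
    for a in "$@"; do
      if [ "$ep" = "$a" ]; then known=yes; fi
    done
    if [ "$known" = no ]; then echo "$ep"; fi
  done
}

# Constructed sample response (trimmed to the fields used here).
sample_response() {
  cat <<'EOF'
{"name":"DEFAULT_GROUP@@elasticstack","hosts":[
 {"instanceId":"10.0.0.91#9200#DEFAULT#DEFAULT_GROUP@@elasticstack","ip":"10.0.0.91","port":9200,"healthy":true},
 {"instanceId":"10.0.0.92#9200#DEFAULT#DEFAULT_GROUP@@elasticstack","ip":"10.0.0.92","port":9200,"healthy":true},
 {"instanceId":"10.0.0.200#9200#DEFAULT#DEFAULT_GROUP@@elasticstack","ip":"10.0.0.200","port":9200,"healthy":true}
]}
EOF
}

# Demo run: only the endpoint outside the allowlist is printed.
resp="$(mktemp)"; sample_response > "$resp"
unexpected_instances "$resp" 10.0.0.91:9200 10.0.0.92:9200 10.0.0.93:9200
rm -f "$resp"
```

In practice the input file would be the saved output of the `instance/list` call shown above, and the allowlist would come from your inventory.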
Nacos service center example: publishing and fetching configuration
- 1. Publish a configuration
[root@elk93 ~]# curl -s -X POST "http://10.0.0.91:8848/nacos/v1/cs/configs?dataId=blog&group=k8s&content=https://www.cnblogs.com/yinzhengjie" ;echo
true
[root@elk93 ~]#
- 2. Fetch a configuration
[root@elk93 ~]# curl -s "http://10.0.0.91:8848/nacos/v1/cs/configs?dataId=blog&group=k8s";echo
https://www.cnblogs.com/yinzhengjie
[root@elk93 ~]#
[root@elk93 ~]# curl -s "http://10.0.0.91:8848/nacos/v1/cs/configs?dataId=laonanhai&group=DEFAULT_GROUP";echo
{"office": "https://www.oldboyedu.com","school":"oldboyedu"}
[root@elk93 ~]#
Writing a Nacos startup script
- 1. Write the startup script
cat > /lib/systemd/system/nacos.service <<EOF
[Unit]
Description=nacos.service
After=network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/share/elasticsearch/jdk
ExecStart=/usr/local/nacos/bin/startup.sh -m standalone
ExecStop=/usr/local/nacos/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
EOF
- 2. Enable start on boot
[root@elk91 ~]# systemctl daemon-reload
[root@elk91 ~]# systemctl enable --now nacos.service
[root@elk91 ~]#
[root@elk91 ~]# ss -ntl | grep 8848
LISTEN 0 100 *:8848 *:*
[root@elk91 ~]#
[root@elk91 ~]# systemctl status nacos.service
● nacos.service
Loaded: loaded (/lib/systemd/system/nacos.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2025-03-18 10:32:36 CST; 29s ago
Process: 58921 ExecStart=/usr/local/nacos/bin/startup.sh -m standalone (code=exited, status=0/SUCCESS)
Tasks: 183 (limit: 9350)
Memory: 707.6M
CPU: 19.082s
CGroup: /system.slice/nacos.service
└─58957 /usr/share/elasticsearch/jdk/bin/java -Xms512m -Xmx512m -Xmn256m -Dnacos.standalone=true -Dnacos.member.list= "-X>
Mar 18 10:32:36 elk91 systemd[1]: Starting nacos.service...
Mar 18 10:32:36 elk91 startup.sh[58921]: /usr/share/elasticsearch/jdk/bin/java -Xms512m -Xmx512m -Xmn256m -Dnacos.standalone=true ->
Mar 18 10:32:36 elk91 startup.sh[58921]: nacos is starting with standalone
Mar 18 10:32:36 elk91 startup.sh[58921]: nacos is starting. you can check the /usr/local/nacos/logs/start.out
Mar 18 10:32:36 elk91 systemd[1]: Started nacos.service.
[root@elk91 ~]#
Configuring MySQL as the Nacos data source
- 1. Copy the Nacos SQL initialization script
[root@elk91 ~]# scp /usr/local/nacos/conf/mysql-schema.sql 10.0.0.93:~
- 2. Create a user, grant privileges, and import the SQL script
[root@elk93 logstash]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 91
Server version: 8.4.4 MySQL Community Server - GPL
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> CREATE DATABASE nacos;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER nacos IDENTIFIED WITH mysql_native_password by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL ON nacos.* TO nacos;
Query OK, 0 rows affected (0.01 sec)
mysql>
mysql> QUIT
Bye
[root@elk93 ~]#
[root@elk93 ~]# mysql < mysql-schema.sql
ERROR 1046 (3D000) at line 1: No database selected
[root@elk93 ~]#
[root@elk93 ~]# mysql nacos < mysql-schema.sql
[root@elk93 ~]#
[root@elk93 ~]# mysql -e 'SHOW TABLES FROM nacos;'
+----------------------+
| Tables_in_nacos |
+----------------------+
| config_info |
| config_info_gray |
| config_tags_relation |
| group_capacity |
| his_config_info |
| permissions |
| roles |
| tenant_capacity |
| tenant_info |
| users |
+----------------------+
[root@elk93 ~]#
- 3. Modify the Nacos configuration file
[root@elk91 ~]# vim /usr/local/nacos/conf/application.properties
# Change the Nacos access path (context path)
server.servlet.contextPath=/
...
# Set the database type to MySQL
spring.sql.init.platform=mysql
# Number of databases. The official example uses 1, so I use 1 here as well.
db.num=1
# Database host, port, database name and related parameters.
db.url.0=jdbc:mysql://10.0.0.93:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=Asia/Shanghai
# Database user name
db.user.0=nacos
# Database password
db.password.0=123456
- 4. Restart Nacos
[root@elk91 ~]# systemctl restart nacos.service
[root@elk91 ~]#
- 5. Access the Nacos WebUI
http://10.0.0.91:8848/
- 6. Write configuration data and check whether it is stored in the MySQL database
mysql> SELECT * FROM config_info;
+----+-----------+---------------+----------------------------------------------------------------------------------------------------------------------+----------------------------------+---------------------+---------------------+----------+----------+----------+-----------+--------+-------+--------+------+----------+--------------------+
| id | data_id | group_id | content | md5 | gmt_create | gmt_modified | src_user | src_ip | app_name | tenant_id | c_desc | c_use | effect | type | c_schema | encrypted_data_key |
+----+-----------+---------------+----------------------------------------------------------------------------------------------------------------------+----------------------------------+---------------------+---------------------+----------+----------+----------+-----------+--------+-------+--------+------+----------+--------------------+
| 1 | oldboyedu | DEFAULT_GROUP | {"office":"https://www.baidu.com","address":"沙河","name":"xiaoming","O":"天天睡大觉"} | 4e417ec009737a6db135e8f0c6c494ba | 2025-03-18 11:02:20 | 2025-03-18 11:02:20 | NULL | 10.0.0.1 | | | NULL | NULL | NULL | json | NULL | |
+----+-----------+---------------+----------------------------------------------------------------------------------------------------------------------+----------------------------------+---------------------+---------------------+----------+----------+----------+-----------+--------+-------+--------+------+----------+--------------------+
1 row in set (0.00 sec)
mysql>
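Configuring Nacos authentication and RBAC in practice
- 1. Nacos authentication overview
Nacos is an internal microservice component that needs to run in a trusted internal network and must not be exposed to the public internet, to avoid introducing security risks.
Nacos provides a simple authentication implementation; it is a weak authentication system meant to prevent misuse by business applications, not a strong authentication system meant to defend against malicious attacks.
If you run in an untrusted network environment or need strong authentication, refer to the official simple implementation and replace or enhance it.
Reference link: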
https://nacos.io/zh-cn/docs/auth.html
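- 2. Generate the token value. When using a custom secret key, the configuration item should be set to a Base64-encoded string, and the original key must be at least 32 characters long.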
[root@elk91 ~]# openssl rand -base64 33
428Gjk5EGkADiPC+577iPOH49V1lGzDSN+gW8ggvUOyo
[root@elk91 ~]#
- 3. Modify the Nacos configuration file
[root@elk91 ~]# tail -5 /usr/local/nacos/conf/application.properties
nacos.core.auth.system.type=nacos
nacos.core.auth.enabled=true
nacos.core.auth.server.identity.key=violet
nacos.core.auth.server.identity.value=violet
nacos.core.auth.plugin.nacos.token.secret.key=428Gjk5EGkADiPC+577iPOH49V1lGzDSN+gW8ggvUOyo
[root@elk91 ~]#
- 4. Restart Nacos
[root@elk91 ~]# systemctl restart nacos.service
[root@elk91 ~]#
- 5. Login test
http://10.0.0.91:8848/#/login
Initial password: can be customized.
- 6. Create a user and bind permissions for testing
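Added example (not from the original notes or the Nacos project): a small audit of `application.properties` covering both the datasource settings from the MySQL section and the authentication settings above. The function names, the finding codes and the 12-character minimum (`MIN_LEN`) are assumptions of this sketch; the sample file is constructed from the values used on this page.

```shell
#!/usr/bin/env bash
# Added example: flag weak security settings in a Nacos application.properties.
MIN_LEN=12  # assumed minimum length for passwords and identity values

# prop FILE KEY: print the last uncommented "KEY=value" value (empty if unset).
prop() {
  awk -v k="$2" '{ sub(/^[ \t]+/, "") }
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { sub(/\r$/, "", v); print v }' "$1"
}

is_weak() { [ "${#1}" -lt "$MIN_LEN" ]; }  # true when empty or too short

# audit_nacos_conf FILE: print space-separated finding codes (empty = clean).
audit_nacos_conf() {
  local f="$1" out="" secret bytes idk idv
  [ "$(prop "$f" nacos.core.auth.enabled)" = "true" ] || out="$out AUTH_DISABLED"
  # The token secret must be Base64 that decodes to at least 32 bytes.
  secret="$(prop "$f" nacos.core.auth.plugin.nacos.token.secret.key)"
  bytes=$(( $(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c) ))
  [ "$bytes" -ge 32 ] || out="$out TOKEN_SECRET_SHORT"
  # The identity pair marks server-to-server requests as trusted; keep it unguessable.
  idk="$(prop "$f" nacos.core.auth.server.identity.key)"
  idv="$(prop "$f" nacos.core.auth.server.identity.value)"
  if is_weak "$idv" || [ "$idk" = "$idv" ]; then out="$out IDENTITY_GUESSABLE"; fi
  # Datasource checks apply only when an external database is configured.
  if [ -n "$(prop "$f" db.url.0)" ]; then
    is_weak "$(prop "$f" db.password.0)" && out="$out DB_PASSWORD_WEAK"
    case "$(prop "$f" db.url.0)" in *useSSL=false*) out="$out DB_TLS_OFF" ;; esac
  fi
  echo "${out# }"
}

# Constructed sample mirroring the values used on this page.
sample_conf() {
  cat <<'EOF'
db.url.0=jdbc:mysql://10.0.0.93:3306/nacos?characterEncoding=utf8&useSSL=false
db.password.0=123456
nacos.core.auth.enabled=true
nacos.core.auth.server.identity.key=violet
nacos.core.auth.server.identity.value=violet
nacos.core.auth.plugin.nacos.token.secret.key=428Gjk5EGkADiPC+577iPOH49V1lGzDSN+gW8ggvUOyo
EOF
}

tmp="$(mktemp)"; sample_conf > "$tmp"
echo "findings: $(audit_nacos_conf "$tmp")"
rm -f "$tmp"
```

On the page's values the token secret passes the length check (it decodes to 33 bytes), while the identity pair, the database password and the disabled TLS on the JDBC URL are reported.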
Nacos cluster high availability with HAProxy in practice
- 1. Modify the configuration file on the existing single node
[root@elk91 ~]# cat /usr/local/nacos/conf/cluster.conf
10.0.0.91:8848
10.0.0.92:8848
10.0.0.93:8848
[root@elk91 ~]#
- 2. Copy the Nacos program
[root@elk91 ~]# scp -r /usr/local/nacos/ 10.0.0.92:/usr/local/
[root@elk91 ~]# scp -r /usr/local/nacos/ 10.0.0.93:/usr/local/
- 3. Stop the single-node Nacos
[root@elk91 ~]# systemctl disable --now nacos.service
- 4. Start all nodes in cluster mode
4.1 Start on all nodes
/usr/local/nacos/bin/startup.sh -p embedded
4.2 Verify access
http://10.0.0.91:8848/#/clusterManagement
http://10.0.0.92:8848/#/clusterManagement
http://10.0.0.93:8848/#/clusterManagement
- 5. Configure HAProxy for load balancing [must be done on all 3 nodes]
5.1 Modify kernel parameters
echo net.ipv4.ip_nonlocal_bind = 1 >> /etc/sysctl.d/nacos.conf
sysctl -f /etc/sysctl.d/nacos.conf
sysctl -q net.ipv4.ip_nonlocal_bind
5.2 Install and configure HAProxy
apt -y install haproxy
5.3 Modify the HAProxy configuration file
[root@elk93 ~]# tail -13 /etc/haproxy/haproxy.cfg
listen status
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /ruok
stats auth admin:123456
listen nacos
bind 10.0.0.66:18848
server elk91 10.0.0.91:8848 check
server elk92 10.0.0.92:8848 check
server elk93 10.0.0.93:8848 check
[root@elk93 ~]#
[root@elk93 ~]# scp /etc/haproxy/haproxy.cfg 10.0.0.91:/etc/haproxy
[root@elk93 ~]# scp /etc/haproxy/haproxy.cfg 10.0.0.92:/etc/haproxy
- 6. Configure preemptive keepalived for high availability
6.1 Install and configure keepalived on two servers for high availability
apt -y install keepalived
6.2 Modify the keepalived configuration file
[root@elk91 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id 10.0.0.91
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 251
priority 100
advert_int 1
mcast_src_ip 10.0.0.91
nopreempt
authentication {
auth_type PASS
auth_pass 123456
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.0.0.66
}
}
[root@elk91 ~]#
[root@elk92 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id 10.0.0.92
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 251
priority 80
advert_int 1
mcast_src_ip 10.0.0.92
nopreempt
authentication {
auth_type PASS
auth_pass 123456
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.0.0.66
}
}
[root@elk92 ~]#
[root@elk93 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id 10.0.0.93
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 251
priority 60
advert_int 1
mcast_src_ip 10.0.0.93
nopreempt
authentication {
auth_type PASS
auth_pass 123456
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.0.0.66
}
}
[root@elk93 ~]#
6.3 Restart the keepalived service so that the configuration takes effect
[root@elk91 ~]# systemctl enable --now keepalived
[root@elk92 ~]# systemctl enable --now keepalived
[root@elk93 ~]# systemctl enable --now keepalived
6.4 Start the HAProxy load balancer
[root@elk91 ~]# systemctl restart haproxy.service
[root@elk91 ~]#
[root@elk91 ~]# ss -ntl | grep 18848
LISTEN 0 4096 10.0.0.66:18848 0.0.0.0:*
[root@elk91 ~]#
[root@elk92 ~]# systemctl restart haproxy.service
[root@elk92 ~]#
[root@elk92 ~]# ss -ntl | grep 18848
LISTEN 0 4096 10.0.0.66:18848 0.0.0.0:*
[root@elk92 ~]#
[root@elk93 ~]# systemctl restart haproxy.service
[root@elk93 ~]#
[root@elk93 ~]# ss -ntl | grep 18848
LISTEN 0 4096 10.0.0.66:18848 0.0.0.0:*
[root@elk93 ~]#
6.5 Access test
http://10.0.0.66:18848/#/login
6.6 Verify high availability
[root@elk91 ~]# systemctl stop keepalived
6.7 The VIP floats to another node, but client access is not affected.