Air a sgrìobhadh ann an cànan Rust, tha e air a chomharrachadh le àrd-choileanadh agus caitheamh RAM ìosal an taca ris na analogues aige. A bharrachd air an sin, thathas a’ toirt mòran aire do ghnìomhan co-cheangailte ri ceartachd, gu sònraichte, an comas tachartasan nach deach a chuir a shàbhaladh gu bufair air diosc agus na faidhlichean a thionndadh.
A thaobh ailtireachd, tha Vector na router tachartais a gheibh teachdaireachdan bho aon no barrachd stòran, gu roghnach a’ cur a-steach thairis air na teachdaireachdan sin cruth-atharraichean, agus gan cur gu fear no dhà drèanaichean.
Tha Vector na àite airson filebeat agus logstash, faodaidh e a bhith an sàs anns an dà dhreuchd (faighinn agus cuir logaichean), barrachd fiosrachaidh mun deidhinn làrach.
Ma tha an t-seine ann an Logstash air a thogail mar chur-a-steach → sìoltachan → toradh an uairsin ann an Vector tha e stòran → cruth-atharrachaidhean → a ’dol fodha
Gheibhear eisimpleirean anns na sgrìobhainnean.
Tha an stiùireadh seo na stiùireadh ath-sgrùdaichte bho Vyacheslav Rakhinsky saor an asgaidh. Anns an stiùireadh tùsail tha giollachd geoip. Nuair a rinn thu deuchainn air geoip bho lìonra a-staigh, thug vectar mearachd seachad.
Aug 05 06:25:31.889 DEBUG transform{name=nginx_parse_rename_fields type=rename_fields}: vector::transforms::rename_fields: Field did not exist field=«geoip.country_name» rate_limit_secs=30
Rèitichidh sinn am measgachadh de Nginx (logaichean ruigsinneachd) → Vector (Client | Filebeat) → Vector (Frithealaiche | Logstash) → fa leth ann an Clickhouse agus fa leth ann an Elasticsearch. Stàlaichidh sinn 4 frithealaichean. Ged is urrainn dhut a dhol seachad air le 3 frithealaichean.
Tha an sgeama rudeigin mar seo.
Cuir à comas Selinux air na frithealaichean agad gu lèir
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
reboot
Bidh sinn a’ stàladh emuladair frithealaiche HTTP + goireasan air a h-uile frithealaiche
Bidh ClickHouse a’ cleachdadh an t-seata stiùiridh SSE 4.2, mar sin mura h-eilear ag ràdh a chaochladh, bidh taic air a shon anns a’ phròiseasar a thathar a’ cleachdadh na riatanas siostam a bharrachd. Seo an àithne gus faighinn a-mach a bheil am pròiseasar gnàthach a’ toirt taic do SSE 4.2:
A’ rèiteachadh Elasticsearch airson modh aon-nòd 1 shard, 0 mac-samhail. Is coltaiche gum bi cruinneachadh mòr de luchd-frithealaidh agad agus chan fheum thu seo a dhèanamh.
Airson clàran-amais san àm ri teachd, ùraich an teamplaid bunaiteach:
Às deidh dhut na bùird a chruthachadh, faodaidh tu Vector a ruith
systemctl enable vector
systemctl start vector
Faodar coimhead air logaichean vector mar seo:
journalctl -f -u vector
Bu chòir inntrigidhean mar seo a bhith anns na logaichean
INFO vector::topology::builder: Healthcheck: Passed.
INFO vector::topology::builder: Healthcheck: Passed.
Air an neach-dèiligidh (lìn frithealaiche) - 1d frithealaiche
Air an fhrithealaiche le nginx, feumaidh tu ipv6 a dhì-cheadachadh, leis gu bheil an clàr logaichean ann an taigh-cliog a’ cleachdadh an raon upstream_addr IPv4, leis nach bi mi a’ cleachdadh ipv6 am broinn an lìonraidh. Mura tèid ipv6 a chuir dheth, bidh mearachdan ann:
DB::Exception: Invalid IPv4 value.: (while read the value of key upstream_addr)
Is dòcha luchd-leughaidh, cuir taic ipv6 ris.
Cruthaich am faidhle /etc/sysctl.d/98-disable-ipv6.conf
An toiseach, feumaidh sinn an cruth log a rèiteachadh ann an Nginx anns an fhaidhle /etc/nginx/nginx.conf
user nginx;
# you must set worker processes based on your CPU cores, nginx does not benefit from setting more than that
worker_processes auto; #some last versions calculate it automatically
# number of file descriptors used for nginx
# the limit for the maximum FDs on the server is usually set by the OS.
# if you don't set FD's then OS settings will be used which is by default 2000
worker_rlimit_nofile 100000;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# provides the configuration file context in which the directives that affect connection processing are specified.
events {
# determines how much clients will be served per worker
# max clients = worker_connections * worker_processes
# max clients is also limited by the number of socket connections available on the system (~64k)
worker_connections 4000;
# optimized to serve many clients with each thread, essential for linux -- for testing environment
use epoll;
# accept as many connections as possible, may flood worker connections if set too low -- for testing environment
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format vector escape=json
'{'
'"node_name":"nginx-vector",'
'"timestamp":"$time_iso8601",'
'"server_name":"$server_name",'
'"request_full": "$request",'
'"request_user_agent":"$http_user_agent",'
'"request_http_host":"$http_host",'
'"request_uri":"$request_uri",'
'"request_scheme": "$scheme",'
'"request_method":"$request_method",'
'"request_length":"$request_length",'
'"request_time": "$request_time",'
'"request_referrer":"$http_referer",'
'"response_status": "$status",'
'"response_body_bytes_sent":"$body_bytes_sent",'
'"response_content_type":"$sent_http_content_type",'
'"remote_addr": "$remote_addr",'
'"remote_port": "$remote_port",'
'"remote_user": "$remote_user",'
'"upstream_addr": "$upstream_addr",'
'"upstream_bytes_received": "$upstream_bytes_received",'
'"upstream_bytes_sent": "$upstream_bytes_sent",'
'"upstream_cache_status":"$upstream_cache_status",'
'"upstream_connect_time":"$upstream_connect_time",'
'"upstream_header_time":"$upstream_header_time",'
'"upstream_response_length":"$upstream_response_length",'
'"upstream_response_time":"$upstream_response_time",'
'"upstream_status": "$upstream_status",'
'"upstream_content_type":"$upstream_http_content_type"'
'}';
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/access.json.log vector; # Новый лог в формате json
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
Gus nach bris thu an rèiteachadh gnàthach agad, leigidh Nginx leat grunn stiùiridhean access_log a bhith agad
access_log /var/log/nginx/access.log main; # Стандартный лог
access_log /var/log/nginx/access.json.log vector; # Новый лог в формате json
Na dìochuimhnich riaghailt a chur ris airson logrotate airson logaichean ùra (mura h-eil am faidhle log a’ crìochnachadh le .log)
Thoir air falbh default.conf bho /etc/nginx/conf.d/
Cuir luchd-aoigheachd brìgheil (172.26.10.106 ip den fhrithealaiche far a bheil nginx air a chuir a-steach) chun a h-uile frithealaiche chun fhaidhle /etc/hosts:
Agus rèiteachadh an àite Filebeat anns an config /etc/vector/vector.toml. Is e seòladh IP 172.26.10.108 an seòladh IP aig an fhrithealaiche loga (Vector-Server)
data_dir = "/var/lib/vector"
[sources.nginx_file]
type = "file"
include = [ "/var/log/nginx/access.json.log" ]
start_at_beginning = false
fingerprinting.strategy = "device_and_inode"
[sinks.nginx_output_vector]
type = "vector"
inputs = [ "nginx_file" ]
address = "172.26.10.108:9876"
Na dìochuimhnich an cleachdaiche vector a chuir ris a’ bhuidheann a tha a dhìth gus an urrainn dha faidhlichean log a leughadh. Mar eisimpleir, bidh nginx ann an centos a’ cruthachadh logaichean le còraichean buidhne adm.
usermod -a -G adm vector
Feuch an tòisich sinn air an t-seirbheis vector
systemctl enable vector
systemctl start vector
Faodar coimhead air logaichean vector mar seo:
journalctl -f -u vector
Bu chòir inntrigeadh mar seo a bhith anns na logaichean
INFO vector::topology::builder: Healthcheck: Passed.
Deuchainn Stress
Bidh sinn a’ dèanamh deuchainnean a’ cleachdadh slat-tomhais Apache.
Chaidh am pasgan httpd-tools a stàladh air a h-uile frithealaiche
Bidh sinn a’ tòiseachadh a’ dèanamh deuchainn le bhith a’ cleachdadh slat-tomhais Apache bho 4 frithealaichean eadar-dhealaichte air an sgrion. An toiseach, bidh sinn a’ cur air bhog an ioma-fhillteadair crìochnachaidh sgrion, agus an uairsin bidh sinn a’ tòiseachadh a’ dèanamh deuchainn le bhith a’ cleachdadh slat-tomhais Apache. Mar a dh’ obraicheas tu leis an scrion gheibh thu a-steach artaigil.
Bhon 1mh frithealaiche
while true; do ab -H "User-Agent: 1server" -c 100 -n 10 -t 10 http://vhost1/; sleep 1; done
Bhon 2mh frithealaiche
while true; do ab -H "User-Agent: 2server" -c 100 -n 10 -t 10 http://vhost2/; sleep 1; done
Bhon 3mh frithealaiche
while true; do ab -H "User-Agent: 3server" -c 100 -n 10 -t 10 http://vhost3/; sleep 1; done
Bhon 4mh frithealaiche
while true; do ab -H "User-Agent: 4server" -c 100 -n 10 -t 10 http://vhost4/; sleep 1; done
Feuch an dèan sinn sgrùdadh air an dàta ann an Clickhouse
select concat(database, '.', table) as table,
formatReadableSize(sum(bytes)) as size,
sum(rows) as rows,
max(modification_time) as latest_modification,
sum(bytes) as bytes_size,
any(engine) as engine,
formatReadableSize(sum(primary_key_bytes_in_memory)) as primary_keys_size
from system.parts
where active
group by database, table
order by bytes_size desc;
Feuch an lorg sinn a-mach na chaidh de logaichean suas ann an Clickhouse.
Is e meud clàr nan logaichean 857.19 MB.
Is e meud an aon dàta sa chlàr-amais ann an Elasticsearch 4,5GB.
Mura sònraich thu dàta anns an vectar anns na paramadairean, bheir Clickhouse 4500/857.19 = 5.24 tursan nas lugha na ann an Elasticsearch.
Ann am vector, tha an raon teannachaidh air a chleachdadh gu bunaiteach.