Hello, Habr! Na kawo muku fassarar sakon: .
Manzo babban sabar wakili ce da aka rarraba (an rubuta a cikin C++) wanda aka tsara don ayyuka da aikace-aikace guda ɗaya, shi ma bas ɗin sadarwa ne da “jirgin bayanan duniya” wanda aka ƙera don manyan gine-ginen “sabis ɗin sabis”. Lokacin ƙirƙirar shi, an yi la'akari da hanyoyin magance matsalolin da suka taso a lokacin haɓaka sabbin sabobin kamar NGINX, HAProxy, ma'auni na kayan aiki da ma'aunin nauyi na girgije. Wakili yana aiki tare da kowane aikace-aikace kuma yana taƙaita hanyar sadarwa don samar da ayyuka gama gari ba tare da la'akari da dandamali ba. Lokacin da duk zirga-zirgar sabis a cikin kayan more rayuwa ke gudana ta cikin ragar Manzo, zai zama da sauƙi a hango wuraren matsala tare da daidaiton lura, daidaita aikin gabaɗaya, da ƙara babban aiki a takamaiman wuri.
Ayyukan
- Tsarin gine-ginen da ba ya aiki: manzo shine uwar garken da ke ƙunshe da kansa, sabar aiki mai girma wanda ke ɗaukar ƙaramin adadin RAM. Yana aiki tare da kowane harshe aikace-aikace ko tsarin aiki.
- http/2 da grpc goyon baya: wakili yana da matakin farko http/2 da grpc goyon bayan masu shigowa da masu fita. Wannan wakili ne na gaskiya daga http/1.1 zuwa http/2.
- Ma'auni na Babban Load: manzo yana goyan bayan fasalulluka na daidaita nauyi da suka haɗa da sakewa ta atomatik, karya sarkar, iyakance ƙimar duniya, buƙatar inuwa, daidaita nauyin yanki na gida, da sauransu.
- API ɗin Gudanarwar Kanfigareshan: manzo yana ba da API mai ƙarfi don sarrafa tsarin ku.
- Abun lura: Zurfin lura da zirga-zirgar L7, tallafi na asali don rarrabawa da kuma lura da mongodb, dynamodb da sauran aikace-aikace da yawa.
Mataki 1 - Misali NGINX Config
Wannan rubutun yana amfani da fayil ɗin da aka ƙera na musamman nginx.conf, bisa cikakken misali daga . Kuna iya duba daidaitawa a cikin edita ta buɗewa nginx.conf
nginx tushen saitin
user www www;
pid /var/run/nginx.pid;
worker_processes 2;
events {
worker_connections 2000;
}
http {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
server {
listen 8080;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
error_log /var/log/nginx.error_log info;
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}Tsarin NGINX yawanci suna da abubuwa masu mahimmanci guda uku:
- Yana daidaita uwar garken NGINX, tsarin log da ayyukan Gzip. An bayyana wannan a duk duniya a kowane yanayi.
- Ana saita NGINX don karɓar buƙatun ga mai watsa shiri daya.misali.com ku 8080.
- Saita wurin da aka yi niyya, yadda ake sarrafa zirga-zirga don sassa daban-daban na URL.
Ba duk sanyi ba ne zai shafi Wakilin Wakili, kuma ba kwa buƙatar saita wasu saitunan. Wakili Proxy yana da nau'ikan maɓalli huɗu, wanda ke tallafawa ainihin kayan aikin da NGINX ke bayarwa. Tushen shine:
- Masu sauraro: Suna ƙayyade yadda Wakilin Wakili ke karɓar buƙatun masu shigowa. Wakili Wakili a halin yanzu yana tallafawa masu sauraron tushen TCP kawai. Da zarar an kafa haɗin gwiwa, ana wuce ta zuwa saitin tacewa don sarrafawa.
- Tace: Suna daga cikin gine-ginen bututun da ke iya sarrafa bayanai masu shigowa da masu fita. Wannan aikin ya haɗa da masu tacewa kamar Gzip, wanda ke matsawa bayanan kafin aika su ga abokin ciniki.
- Masu ba da hanya: Suna tura zirga-zirga zuwa wurin da ake buƙata, wanda aka ayyana azaman tari.
- Tari: Suna ayyana ƙarshen ƙarshen hanyoyin zirga-zirga da sigogin daidaitawa.
Za mu yi amfani da waɗannan abubuwa guda huɗu don ƙirƙirar ƙayyadaddun tsari na Wakilin Wakili don dacewa da ƙayyadaddun tsarin NGINX. Manufar manzo shine yin aiki tare da APIs da daidaitawa mai ƙarfi. A wannan yanayin, saitin tushe zai yi amfani da madaidaicin, saituna masu lamba daga NGINX.
Mataki 2 - Kanfigareshan NGINX
Kashi na farko nginx.conf yana bayyana wasu NGINX na ciki waɗanda ke buƙatar daidaita su.
Haɗin Ma'aikata
Tsarin da ke ƙasa yana ƙayyade adadin matakai da haɗin gwiwar ma'aikaci. Wannan yana nuna yadda NGINX zai daidaita don biyan bukata.
worker_processes 2;
events {
worker_connections 2000;
}Wakilin Wakili yana sarrafa ayyukan aiki da haɗin kai ta hanyoyi daban-daban.
Manzo yana ƙirƙirar zaren ma'aikaci don kowane zaren kayan aiki a cikin tsarin. Kowane zaren ma'aikaci yana aiwatar da madauki wanda ba ya toshewa wanda ke da alhakin
- Sauraron kowane mai sauraro
- Karɓar sabbin haɗi
- Ƙirƙirar saitin tacewa don haɗi
- Tsara duk ayyukan I/O yayin rayuwar haɗin gwiwa.
Ana sarrafa duk aikin haɗin gwiwa gaba ɗaya a cikin zaren ma'aikaci, gami da kowane hali na turawa.
Ga kowane zaren ma'aikaci a cikin Manzo, akwai tafkin haɗin gwiwa. Don haka wuraren shakatawa na HTTP/2 suna kafa haɗin kai ɗaya ga kowane mai masaukin waje a lokaci guda, idan akwai zaren ma'aikata guda huɗu za a sami haɗin HTTP / 2 guda huɗu kowane mai masaukin waje a cikin kwanciyar hankali. Ta hanyar adana duk abin da ke cikin zaren ma'aikaci ɗaya, kusan duk lambar za a iya rubuta ba tare da toshewa ba, kamar dai zaren guda ɗaya ne. Idan an keɓance ƙarin zaren ma'aikata fiye da yadda ake buƙata, wannan na iya haifar da ɓarnawar ƙwaƙwalwar ajiya, ƙirƙirar haɗin haɗin kai da yawa, da rage adadin lokutan haɗin haɗin gwiwa zuwa tafkin.
Don ƙarin bayani ziyarci .
HTTP Kanfigareshan
Mai zuwa NGINX toshewar sanyi yana bayyana saitunan HTTP kamar:
- Waɗanne nau'ikan mime ke tallafawa
- Matsalolin Tsohuwar
- Gzip Kanfigareshan
Kuna iya keɓance waɗannan abubuwan ta amfani da matattara a cikin Wakilin Wakili, waɗanda za mu tattauna daga baya.
Mataki 3 - Kanfigareshan Sabar
A cikin toshewar HTTP, tsarin NGINX ya ƙayyade don sauraron tashar jiragen ruwa 8080 da amsa buƙatun masu shigowa don yankuna. daya.misali.com и www.one.example.com.
server {
listen 8080;
server_name one.example.com www.one.example.com;Cikin Wakili, Masu Sauraro ne ke sarrafa shi.
Wakilan masu saurare
Mafi mahimmancin al'amari na farawa da Wakilin Wakili shine ayyana masu sauraron ku. Kuna buƙatar ƙirƙirar fayil ɗin sanyi wanda ke bayyana yadda kuke son gudanar da misalin Manzo.
Snippet ɗin da ke ƙasa zai ƙirƙiri sabon mai sauraro kuma ya ɗaure shi zuwa tashar jiragen ruwa 8080. Tsarin yana gaya wa Wakilin Wakilin Waɗanne tashoshin jiragen ruwa da ya kamata su ɗaure don buƙatun masu shigowa.
Wakili Wakili yana amfani da alamar YAML don daidaitawarsa. Don gabatarwa ga wannan bayanin, duba nan .
Copy to Editorstatic_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }Babu buƙatar ayyana server_name, Tun da Wakilin Wakilai filters zai kula da wannan.
Mataki na 4 - Kanfigareshan Wuri
Lokacin da buƙatu ya zo cikin NGINX, toshe wurin yana ƙayyade yadda ake aiwatarwa da kuma inda za a bi da zirga-zirga. A cikin guntu mai zuwa, duk zirga-zirga zuwa rukunin yanar gizon ana canjawa wuri zuwa sama (bayanin fassarar: sama yawanci uwar garken aikace-aikacen) gungu mai suna. targetCluster. Tarin da ke sama yana bayyana kuɗaɗen da yakamata aiwatar da buƙatar. Za mu tattauna wannan a mataki na gaba.
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}A Manzo, Tace suna yin wannan.
Wakilin Tace
Don tsayayyen tsari, masu tacewa suna ƙayyade yadda ake aiwatar da buƙatun masu shigowa. A wannan yanayin mun saita filtata waɗanda suka dace sunan uwar garke a mataki na baya. Lokacin da buƙatun masu shigowa suka zo waɗanda suka dace da wasu yankuna da hanyoyi, ana tura zirga-zirga zuwa gungu. Wannan yayi daidai da tsarin NGINX na ƙasa.
Copy to Editor filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.routerИмя wakili.http_connection_manager ginanniyar tacewa ce a cikin Wakilin Wakili. Wasu tacewa sun haɗa da Redis, mongo, TCP. Kuna iya samun cikakken jerin a .
Don ƙarin bayani game da wasu manufofin daidaita nauyi, ziyarci .
Mataki na 5 - Wakilci da Kanfigareshan Sama
A cikin NGINX, ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun saiti na sabar sabar da za su sarrafa zirga-zirga. A wannan yanayin, an sanya gungu biyu.
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}A cikin Manzo, gungu ne ke sarrafa wannan.
Rukunin Wakilai
Ana bayyana daidai abin da ke sama a matsayin gungu. A wannan yanayin, an gano rundunonin da za su yi hidimar zirga-zirgar ababen hawa. Yadda ake isa ga runduna, kamar ƙarewar lokaci, an ayyana shi azaman tsarin tari. Wannan yana ba da damar ƙarin iko akan abubuwa kamar latency da daidaita nauyi.
Copy to Editor clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]Lokacin amfani da gano sabis STRICT_DNS Manzo zai ci gaba da warware ƙayyadaddun maƙasudin DNS. Kowane adireshin IP da aka dawo daga sakamakon DNS za a yi la'akari da shi a matsayin madaidaicin runduna a cikin gungu na sama. Wannan yana nufin cewa idan buƙatar ta dawo da adiresoshin IP guda biyu, Manzo zai ɗauka cewa akwai runduna guda biyu a cikin gungu, kuma duka biyun dole ne su kasance daidaitattun kaya. Idan an cire mai watsa shiri daga sakamakon, Manzo zai ɗauka cewa babu shi kuma zai ja da zirga-zirga daga duk wani tafkin haɗin da ke akwai.
Don ƙarin bayani duba .
Mataki 6 - Shiga Shiga da Kurakurai
Tsarin ƙarshe shine rajista. Maimakon tura rajistan ayyukan kuskure zuwa faifai, Wakilin Wakili yana ɗaukar hanyar tushen girgije. Ana fitar da duk rajistan ayyukan aikace-aikace zuwa stdout и stderr.
Lokacin da masu amfani suka yi buƙatu, rajistan ayyukan shiga ba zaɓi bane kuma an kashe su ta tsohuwa. Don ba da damar shiga rajistan ayyukan buƙatun HTTP, kunna daidaitawa access_log ga mai sarrafa haɗin HTTP. Hanyar na iya zama ko dai na'ura kamar stdout, ko fayil akan faifai, dangane da buƙatun ku.
Tsari mai zuwa zai tura duk rajistan ayyukan shiga zuwa stdout (ana buƙatar bayanin mai fassara - stdout don amfani da wakili a cikin docker. Idan ana amfani dashi ba tare da docker ba, to maye gurbin / dev/stdout tare da hanyar zuwa fayil ɗin log na yau da kullun). Kwafi snippet zuwa sashin daidaitawa don mai sarrafa haɗin:
Copy to Clipboardaccess_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"Sakamakon yakamata yayi kama da haka:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
route_config:Ta hanyar tsoho, Manzo yana da sigar tsari wanda ya haɗa da cikakkun bayanan buƙatun HTTP:
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"nSakamakon wannan sigar tsarin shine:
[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"Ana iya daidaita abun cikin fitarwa ta hanyar saita filin tsari. Misali:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
format: "[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n"Hakanan ana iya fitar da layin log ɗin a tsarin JSON ta hanyar saita filin json_format. Alal misali:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}Don ƙarin bayani kan Hanyar Yin Rajista, ziyarci
Shiga ba ita ce hanya ɗaya tilo don samun fahimtar aiki tare da Wakilin Wakili ba. Yana da ci-gaba na ganowa da ƙarfin awo da aka gina a ciki. Kuna iya samun ƙarin bayani a ko ta hanyar .
Mataki na 7 - Ƙaddamarwa
Yanzu kun yi ƙaura daga NGINX zuwa Wakilin Wakili. Mataki na ƙarshe shine ƙaddamar da misalin Wakilin Wakili don gwada shi.
Gudu azaman mai amfani
A saman layin daidaitawa na NGINX mai amfani www; Ƙidaya don gudanar da NGINX a matsayin mai amfani mai ƙarancin gata don inganta tsaro.
Wakilin wakili yana ɗaukar hanyar tushen girgije don sarrafa wanda ya mallaki tsari. Lokacin da muka gudanar da Wakilin Wakili ta cikin akwati, za mu iya ƙayyade mai ƙarancin gata.
Ƙaddamar da Wakili Proxy
Umurnin da ke ƙasa zai gudanar da Wakilin Wakili ta cikin akwati Docker akan mai watsa shiri. Wannan umarni yana ba wa wakilin damar sauraron buƙatun masu shigowa a tashar jiragen ruwa 80. Duk da haka, kamar yadda aka ƙayyade a cikin saitunan mai sauraro, Wakilin Wakili yana sauraron zirga-zirgar zirga-zirga a tashar jiragen ruwa 8080. Wannan yana ba da damar tsarin aiki a matsayin mai amfani mai ƙananan dama.
docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoyGwaji
Tare da wakili yana gudana, ana iya yin gwaje-gwaje da sarrafa su. Umurnin CURL mai zuwa yana ba da buƙatu tare da mai masaukin baki da aka ayyana a cikin saitin wakili.
curl -H "Host: one.example.com" localhost -iBuƙatun HTTP zai haifar da kuskure 503. Wannan saboda haɗin kai na sama baya aiki kuma ba sa samuwa. Don haka, Wakilin Wakili ba shi da wuraren da ake bukata don buƙatun. Umurnin da ke gaba zai fara jerin ayyukan HTTP waɗanda suka dace da ƙayyadaddun ƙayyadaddun don Manzo.
docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;Tare da sabis ɗin da ake da su, Manzo zai iya samun nasarar wakilcin zirga-zirga zuwa inda yake.
curl -H "Host: one.example.com" localhost -iYa kamata ku ga martani da ke nuna wace kwandon Docker ya sarrafa buƙatar. A cikin rajistan ayyukan Wakilin Wakili ya kamata ku kuma ga fitowar kirtani samun dama.
Ƙarin Maganganun Amsar HTTP
Za ku ga ƙarin kanun HTTP a cikin kanun martani na ainihin buƙatar. Kan kai yana nuna lokacin da mai masaukin baki ya kashe sarrafa buƙatun. An bayyana a cikin millise seconds. Wannan yana da amfani idan abokin ciniki yana so ya ƙayyade lokacin sabis idan aka kwatanta da jinkirin cibiyar sadarwa.
x-envoy-upstream-service-time: 0
server: envoySaitin ƙarshe
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9090 }Ƙarin bayani daga mai fassara
Ana iya samun umarni don shigar da Wakilin Wakili akan gidan yanar gizon
Ta hanyar tsoho, rpm ba shi da tsarin tsarin sabis.
Ƙara tsarin sabis na tsarin /etc/systemd/system/envoy.service:
[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service
[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.targetKuna buƙatar ƙirƙirar directory /etc/envoy/ kuma ku sanya config.yaml config a wurin.
Akwai taɗi ta wayar tarho ta amfani da wakili:
Wakili Proxy baya goyan bayan sadar da abun ciki a tsaye. Don haka, wa zai iya zaɓar fasalin:
Masu amfani da rajista kawai za su iya shiga cikin binciken. don Allah.
Shin wannan sakon ya ƙarfafa ku don shigar da gwada wakili na wakili?
-
a
-
babu
Masu amfani 75 sun kada kuri'a. Masu amfani 18 sun kaurace.
source: www.habr.com