Release of the HAProxy 2.0 HTTP/TCP load balancer

The HAProxy 2.0 load balancer has been released. It distributes HTTP traffic and arbitrary TCP requests across a group of servers, taking many factors into account (for example, it checks server availability, evaluates load levels and has DDoS countermeasures), and performs primary data filtering (for example, it can parse HTTP headers, filter out incorrectly passed request parameters, block SQL and XSS injection, and attach content handlers). HAProxy can also be used to coordinate the interaction of components in systems based on a microservice architecture. The project's code is written in C and distributed under the GPLv2 license. The project is used on many large sites, including Airbnb, Alibaba, GitHub, Imgur, Instagram, Reddit, StackOverflow, Tumblr, Twitter and Vimeo.

Key features:

  • A new Data Plane API has been introduced, which lets you manage HAProxy settings on the fly through a REST Web API. Among other things, you can add and remove backends and servers, create ACLs, change request routing, and change the binding of handlers to IP addresses;
  • Added the nbthread directive, which sets the number of threads used by HAProxy to improve performance on multi-core CPUs. By default, the number of worker threads is chosen according to the CPU cores available in the current environment, and in cloud environments the default is a single thread. To set hard limits, the MAX_THREADS and MAX_PROCS build options have been added, which cap the number of threads and processes;
  • Use of the bind directive for binding handlers to network addresses has been simplified. The process parameters no longer need to be defined during setup: by default, connections are distributed among threads according to the number of active connections;
  • Log configuration has been simplified for running in isolated containers: the log can now be sent to stdout and stderr, as well as to any available file descriptor (for example, “log fd@1 local0”);
  • HTX (Native HTTP Representation) support is enabled by default, which makes balancing possible when using advanced features such as end-to-end HTTP/2, Layer 7 retries and gRPC. HTX does not rewrite headers in place; instead, it reduces a modification to removing the header and appending a new one to the end of the list. This makes it possible to handle any extended variant of the HTTP protocol, preserves the original semantics of the headers, and achieves higher performance when translating HTTP/2 to HTTP/1.1 and vice versa;
  • Added official support for End-to-End HTTP/2 mode (all stages are processed in HTTP/2, including calls to the backend, not only the interaction between the proxy and the client);
  • Implemented full support for bidirectional proxying of the gRPC protocol, with the ability to parse gRPC streams, extract individual messages, reflect gRPC traffic in the log and filter messages using ACLs. gRPC lets you organize microservices written in different programming languages that interact with each other through a universal API. Network communication in gRPC is implemented on top of the HTTP/2 protocol and relies on Protocol Buffers for data serialization;
  • Added support for the "Layer 7 Retries" mode, which resends HTTP requests in the event of software failures that are not related to problems establishing the network connection (for example, when there is no response or an empty response to a POST request). To disable the mode, the “disable-l7-retry” flag has been added to the “http-request” option, and the “retry-on” option has been added for fine-tuning in the defaults, listen and backend sections. The following conditions are available for resending: all-retryable-errors, none, conn-failure, empty-response, junk-response, response-timeout, 0rtt-rejected, as well as binding to returned status codes (404, etc.);
  • A new process manager has been implemented, which lets you configure calls to external executables that act as handlers for HAProxy. For example, the Data Plane API (/usr/sbin/dataplaneapi), as well as the various Stream Processing Offload engines, are implemented as such external handlers;
  • Bindings for .NET Core, Go, Lua and Python have been added for developing SPOE (Stream Processing Offload Engine) and SPOP (Stream Processing Offload Protocol) extensions. Previously, extension development was supported only in C;
  • Added the external spoa-mirror handler (/usr/sbin/spoa-mirror) for mirroring requests to a separate server (for example, to copy part of production traffic in order to test an experimental environment under real load);
  • Introduced the HAProxy Kubernetes Ingress Controller to provide integration with the Kubernetes platform;
  • Added built-in support for exporting statistics to the Prometheus monitoring system;
  • The Peers protocol, used to exchange information with other nodes running HAProxy, has been extended. This includes added support for heartbeat and encrypted data transmission;
  • The "sample" parameter has been added to the "log" directive, which lets you write only a portion of requests to the log, for example 1 in 10, to produce an analytical sample;
  • Added an automatic profiling mode (the profiling.tasks directive, which can take the values auto, on and off). Automatic profiling is enabled if the average latency exceeds 1000 ms. To view profiling data, the "show profiling" command has been added to the Runtime API, or the statistics can be dumped to the log;
  • Added support for accessing backend servers using the SOCKS4 protocol;
  • Added end-to-end support for the mechanism for fast opening of TCP connections (TFO, TCP Fast Open, RFC 7413), which reduces the number of connection setup steps by combining the first and second steps of the classic three-step connection negotiation process into a single request, and makes it possible to send data at the initial stage of establishing a connection;
  • New actions have been added:
    • "http-request replace-uri" to replace the URL using a regular expression;
    • "tcp-request content do-resolve" and "http-request do-resolve" to resolve a host name;
    • "tcp-request content set-dst" and "tcp-request content set-dst-port" to replace the destination IP address and port.
  • New converters have been added:
    • aes_gcm_dec for decrypting streams using the AES128-GCM, AES192-GCM and AES256-GCM algorithms;
    • protobuf for extracting fields from Protocol Buffers messages;
    • ungrpc for extracting fields from gRPC messages.
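
A configuration sketch combining several of the directives listed above (nbthread, logging to a file descriptor with sampling, profiling.tasks, retry-on and disable-l7-retry). It is an example added here, not taken from the HAProxy project or the original article; the proxy names, thread count, timeouts and the 192.0.2.10 address are constructed placeholders.

```haproxy
global
    # Fix the worker thread count instead of relying on the default.
    nbthread 4
    # Container-friendly logging: write to file descriptor 1 (stdout)
    # and keep only 1 request in 10 as an analysis sample.
    log fd@1 format raw sample 1:10 local0
    # Turn task profiling on automatically when latency degrades.
    profiling.tasks auto

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # Layer 7 retries: resend only on failures where the server
    # produced nothing usable, up to 3 attempts.
    retries 3
    retry-on conn-failure empty-response response-timeout

frontend fe_main                # placeholder name
    bind :8080
    default_backend be_app

backend be_app                  # placeholder name
    # A POST may already have been processed when the response is
    # lost; replaying it can duplicate a state change, so opt such
    # requests out of L7 retries.
    http-request disable-l7-retry if METH_POST
    server app1 192.0.2.10:8080 check   # constructed address
```

The file can be syntax-checked with `haproxy -c -f <file>` before being loaded.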

    source: budenet.ru
