Release of the HTTP/TCP balancer HAProxy 2.0

The HAProxy 2.0 load balancer has been released. It distributes HTTP traffic and arbitrary TCP requests among a group of servers, taking many factors into account (for example, it checks server availability, assesses load levels and has DDoS countermeasures), and performs primary filtering of data (for example, you can parse HTTP headers, filter out malformed request parameters, block SQL and XSS injection, and attach content-processing agents). HAProxy can also be used to coordinate the interaction of components in systems built on a microservices architecture. The project code is written in C and distributed under the GPLv2 license. The project is used on many large sites, including Airbnb, Alibaba, GitHub, Imgur, Instagram, Reddit, StackOverflow, Tumblr, Twitter and Vimeo.

Key features of the release:

  • A new Data Plane API has been introduced, which lets you manage HAProxy settings on the fly through a REST Web API. Among other things, you can add and remove backends and servers, create ACLs, change request routing, and change the IP bindings of handlers;
  • Added the nbthread directive, which lets you set the number of threads used by HAProxy to optimize performance on multi-core CPUs. By default, the number of worker threads is chosen based on the CPU cores available in the current environment, and in cloud environments the default is one thread. To set hard limits, the build options MAX_THREADS and MAX_PROCS have been added, which cap the upper limit on the number of threads and processes;
  • Use of the bind directive for binding handlers to network addresses has been simplified. When configuring it, it is no longer necessary to specify process parameters: by default, connections are distributed among threads according to the number of active connections.
  • Setting up logging when running in isolated containers has been simplified: the log can now be sent to stdout and stderr, as well as to any existing file descriptor (for example, "log fd@1 local0");
  • HTX (Native HTTP Representation) support is enabled by default, which allows balancing when using advanced features such as end-to-end HTTP/2, Layer 7 Retries and gRPC. HTX does not replace headers in place; instead it reduces a modification to removing the header and adding a new one at the end of the list. This makes it possible to handle any extended variants of the HTTP protocol, preserves the original semantics of the headers, and gives higher performance when translating HTTP/2 to HTTP/1.1 and vice versa;
  • Official support for End-to-End HTTP/2 mode has been added (all stages are processed in HTTP/2, including calls to the backend, not only the interaction between the proxy and the client);
  • Full support for bidirectional proxying of the gRPC protocol has been implemented, with the ability to parse gRPC streams, extract individual messages, reflect gRPC traffic in the log and filter messages using ACLs. gRPC lets you organize microservices written in different programming languages that interact with each other through a universal API. Network communication in gRPC is implemented on top of the HTTP/2 protocol and relies on Protocol Buffers for data serialization.
  • Added support for the "Layer 7 Retries" mode, which lets you resend HTTP requests after application-level failures that are not related to problems establishing the network connection (for example, when there is no response or an empty response to a POST request). To disable the mode, the "disable-l7-retry" flag has been added to the "http-request" option, and the "retry-on" option has been added for fine-tuning in the defaults, listen and backend sections. The following conditions are available for resending: all-retryable-errors, none, conn-failure, empty-response, junk-response, response-timeout, 0rtt-rejected, as well as binding to response status codes (404, etc.);
  • A new process manager has been implemented, which lets you configure the launching of external executable files that act as handlers for HAProxy. For example, the Data Plane API (/usr/sbin/dataplaneapi), as well as various stream-processing Offload engines, run as external handlers of this kind;
  • Bindings for .NET Core, Go, Lua and Python have been added for developing SPOE (Stream Processing Offload Engine) and SPOP (Stream Processing Offload Protocol) extensions. Previously, extension development was supported only in C;
  • Added the external handler spoa-mirror (/usr/sbin/spoa-mirror) for mirroring requests to a separate server (for example, to copy part of production traffic in order to test an experimental environment under real load);
  • The HAProxy Kubernetes Ingress Controller has been introduced to provide integration with the Kubernetes platform;
  • Added built-in support for exporting statistics to the Prometheus monitoring system;
  • The Peers protocol, which is used to exchange information with other nodes running HAProxy, has been extended. This includes added support for Heartbeat and encrypted data transmission;
  • The "sample" parameter has been added to the "log" directive, which lets you write only a portion of requests to the log, for example 1 in 10, to form an analytical sample;
  • Added a profiling mode (the profiling.tasks directive, which can take the values auto, on and off). Automatic profiling is enabled if the average latency exceeds 1000 ms. To view profiling data, the "show profiling" command has been added to the Runtime API; it is also possible to dump the statistics to the log;
  • Added support for accessing backend servers using the SOCKS4 protocol;
  • Added end-to-end support for the mechanism for fast opening of TCP connections (TFO, TCP Fast Open, RFC 7413), which reduces the number of connection setup steps by combining the first and second steps of the classic three-step connection negotiation into a single request, and makes it possible to send data at the initial stage of establishing the connection;
  • New actions have been added:
    • "http-request replace-uri" to replace the URL using a regular expression;
    • "tcp-request content do-resolve" and "http-request do-resolve" to resolve a host name;
    • "tcp-request content set-dst" and "tcp-request content set-dst-port" to replace the destination IP address and port.
  • New modules have been added:
    • aes_gcm_dec for decrypting streams using the AES128-GCM, AES192-GCM and AES256-GCM algorithms;
    • protobuf for extracting fields from Protocol Buffers messages;
    • ungrpc for extracting fields from gRPC messages.
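
A configuration that combines several of the directives listed above (Layer 7 retries, container logging with sampling, nbthread and profiling.tasks). It is an added example, not taken from the original article or from the HAProxy project; all addresses, ports and section names are placeholders.

```haproxy
# Constructed example: addresses, ports and names are placeholders.
global
    # Fixed worker thread count instead of the automatic default
    nbthread 4
    # Full log to stdout (file descriptor 1) for the container runtime
    log fd@1 format raw local0
    # Only 1 request in 10 goes to a separate analytics collector;
    # a sampled target is incomplete, so it must not be the only audit trail
    log 192.0.2.50:514 sample 1:10 local0
    # Profiling switches on by itself when average latency gets too high
    profiling.tasks auto

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    retries 3
    # Let a retry go to a different server than the one that failed
    option redispatch
    # Retry only on these conditions, not on all-retryable-errors
    retry-on conn-failure empty-response response-timeout 503

frontend fe_main
    bind :8080
    default_backend be_app

backend be_app
    # POST is not idempotent: replaying it after an empty or missing
    # response can apply the same operation twice on the application
    http-request disable-l7-retry if METH_POST
    server app1 192.0.2.10:8080 check
    server app2 192.0.2.11:8080 check
```

The file can be checked with `haproxy -c -f <file>` before it is loaded.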

    Source: opennet.ru