nginx+upsync+consul 构建动态nginx配置系统
參考:
http://www.php230.com/weixin1456193048.html??【upsync模塊說(shuō)明、性能評(píng)測(cè)】
https://www.jianshu.com/p/76352efc5657
https://www.jianshu.com/p/c3fe55e6a5f2
?
說(shuō)明:
動(dòng)態(tài)nginx負(fù)載均衡的配置,可以通過(guò)Consul+Consul-template方式,但是這種方案有個(gè)缺點(diǎn):每次發(fā)現(xiàn)配置變更都需要reload nginx,而reload是有一定損耗的。而且,如果你需要長(zhǎng)連接支持的話,那么當(dāng)reloadnginx時(shí)長(zhǎng)連接所在worker進(jìn)程會(huì)進(jìn)行優(yōu)雅退出,并當(dāng)該worker進(jìn)程上的所有連接都釋放時(shí),進(jìn)程才真正退出(表現(xiàn)為worker進(jìn)程處于worker process is shutting down)。因此,如果能做到不reload就能動(dòng)態(tài)更改upstream,那么就完美了。
目前的開(kāi)源解決方法有3種:
1、Tengine的Dyups模塊
2、微博的Upsync模塊+Consul
3、使用OpenResty的balancer_by_lua,而又拍云使用其開(kāi)源的slardar(Consul + balancer_by_lua)實(shí)現(xiàn)動(dòng)態(tài)負(fù)載均衡。
?
?
這里我們使用的是upsync模塊+consul 來(lái)實(shí)現(xiàn)動(dòng)態(tài)負(fù)載均衡。操作筆記如下:
?
consul的命令很簡(jiǎn)單,官方文檔有詳細(xì)的樣例供參考,這里略過(guò)。
?
?
實(shí)驗(yàn)環(huán)境:
3臺(tái)centos7.3機(jī)器
cat /etc/hosts?如下:
192.168.5.71? node71
192.168.5.72? node72
192.168.5.73? node73
?
consul 我們使用3節(jié)點(diǎn)都是server角色。如果集群內(nèi)某個(gè)節(jié)點(diǎn)宕機(jī)的話,集群會(huì)自動(dòng)重新選主的。
nginx-Upsync模塊:新浪微博開(kāi)源的,,它的功能是拉取?consul?的后端?server?的列表,并更新?Nginx?的路由信息。且reload對(duì)nginx性能影響很少。
?
1、安裝nginx+ nginx-upsync-module(3臺(tái)機(jī)器上都執(zhí)行安裝)
nginx-upsync-module模塊:?https://github.com/weibocom/nginx-upsync-module
nginx版本:1.13.8
?
yum install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel -y
?
cd /root/
git clone https://github.com/weibocom/nginx-upsync-module.git
#?建議使用git clone代碼編譯,剛開(kāi)始我使用release的tar.gz?編譯nginx失敗了
?
groupadd nginx
useradd -g nginx -s /sbin/nologin nginx
mkdir -p /var/tmp/nginx/client/
mkdir -p /usr/local/nginx
?
?
tar xf nginx-1.13.8.tar.gz
cd /root/nginx-1.13.8
?
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre --add-module=/root/nginx-upsync-module
?
make && make install
?
echo 'export PATH=/usr/local/nginx/sbin:$PATH' >> /etc/profile
source /etc/profile
?
2、配置nginx虛擬主機(jī)
在node1上配置虛擬主機(jī):
cat /usr/local/nginx/conf/nginx.conf?內(nèi)容如下:
user? nginx;
worker_processes? 4;
events {
??? worker_connections? 1024;
}
http {
??? include?????? mime.types;
??? default_type? application/octet-stream;
??? sendfile??????? on;
??? tcp_nopush???? on;
??? keepalive_timeout? 65;
??? gzip? on;
??? server {
??????? listen?????? 80;
??????? server_name? 192.168.5.71;
??????? location / {
??????????? root?? /usr/share/nginx/html;
??????????? index? index.html index.htm;
??????? }
??? }
}
?
創(chuàng)建網(wǎng)頁(yè)文件:
echo 'node71' > /usr/share/nginx/html/index.html
?
?
?
在node3上啟動(dòng)虛擬主機(jī):
cat /usr/local/nginx/conf/nginx.conf?內(nèi)容如下:
user? nginx;
worker_processes? 4;
events {
??? worker_connections? 1024;
}
http {
??? include?????? mime.types;
??? default_type? application/octet-stream;
??? sendfile??????? on;
??? tcp_nopush???? on;
??? keepalive_timeout? 65;
??? gzip? on;
??? server {
??????? listen?????? 80;
??????? server_name? 192.168.5.73;
??????? location / {
??????????? root?? /usr/share/nginx/html;
??????????? index? index.html index.htm;
??????? }
??? }
}
?
創(chuàng)建網(wǎng)頁(yè)文件:
echo 'node73' > /usr/share/nginx/html/index.html
?
?
?
在node2上配置虛擬主機(jī):
此處的node2作為L(zhǎng)B負(fù)載均衡+代理服務(wù)器使用
cat /usr/local/nginx/conf/nginx.conf?內(nèi)容如下:
user? nginx;
worker_processes? 1;
error_log? logs/error.log? notice;
pid??????? logs/nginx.pid;
?
events {
??? worker_connections? 1024;
}
?
http {
??? include?????? mime.types;
??? default_type? application/octet-stream;
?
??? log_format? main? '$remote_addr - $remote_user [$time_local] "$request" '
????????????????????? '$status $body_bytes_sent "$http_referer" '
????????????????????? '"$http_user_agent" "$http_x_forwarded_for"'
????????????? '$upstream_addr $upstream_status $upstream_response_time $request_time';
?
??? access_log? logs/access.log? main;
?
??? sendfile??????? on;
??? tcp_nopush???? on;
??? keepalive_timeout? 65;
??? gzip? on;
?
??? upstream pic_backend {
??????? #?兜底假數(shù)據(jù)
??????? # server 192.168.5.72:82;
?
??????? # upsync模塊會(huì)去consul拉取最新的upstream信息并存到本地的文件中
??????? upsync 192.168.5.72:8500/v1/kv/upstreams/pic_backend upsync_timeout=6m upsync_interval=500ms upsync_type=consul strong_dependency=off;
??????? upsync_dump_path /usr/local/nginx/conf/servers/servers_pic_backend.conf;
??? }
?
??? # LB對(duì)外信息
??? server {
??????? listen 80;
??????? server_name? 192.168.5.72;
??????? location = / {
??????? proxy_pass http://pic_backend;
????????? proxy_set_header? Host? $host;
????????? proxy_set_header? X-Real-IP? $remote_addr;
????????? proxy_set_header? X-Forwarded-For? $proxy_add_x_forwarded_for;
????????? add_header??? real $upstream_addr;
??????? }
?
??????? location = /upstream_show {
??????????? upstream_show;
??????? }
?
??????? location = /upstream_status {
??????????? stub_status on;
??????????? access_log off;
??????? }
??? }
??? #?兜底的后端服務(wù)器
??? server {
??????? listen?????? 82;
??????? server_name? 192.168.5.72;
??????? location / {
??????????? root?? /usr/share/nginx/html82/;
??????????? index? index.html index.htm;
??????? }
??? }
?
}
?
創(chuàng)建網(wǎng)頁(yè)文件:
mkdir /usr/share/nginx/html82 -p
echo 'fake data in SLB_72' > /usr/share/nginx/html82/index.html
?
創(chuàng)建upsync_dump_path(consul、upsync存放upstream主機(jī)信息使用到這個(gè)目錄)
mkdir /usr/local/nginx/conf/servers/
?
?
3、安裝consul(3臺(tái)機(jī)器上都執(zhí)行安裝)
cd /root/
mkdir /usr/local/consul/
?
unzip consul_1.0.0_linux_amd64.zip
mv consul /usr/local/consul/
mkdir /etc/consul.d
cd /usr/local/consul/
?
echo 'export PATH=/usr/local/consul/:$PATH' >> /etc/profile
source /etc/profile
?
node71上:
/usr/local/consul/consul agent -server -bootstrap-expect 3 -ui -node=node71 -config-dir=/etc/consul.d --data-dir=/etc/consul.d -bind=192.168.5.71 -client 0.0.0.0
?
node72上:
/usr/local/consul/consul agent -server -bootstrap-expect 3 -ui -node=node72 -config-dir=/etc/consul.d --data-dir=/etc/consul.d -bind=192.168.5.72 -client 0.0.0.0 -join 192.168.5.71
意思是把本節(jié)點(diǎn)加入到192.168.5.71這個(gè)ip的節(jié)點(diǎn)中
?
node73上:
/usr/local/consul/consul agent -server -bootstrap-expect 3 -ui -node=node73 -config-dir=/etc/consul.d --data-dir=/etc/consul.d -bind=192.168.5.73 -client 0.0.0.0 -join 192.168.5.71
意思是把本節(jié)點(diǎn)加入到192.168.5.71這個(gè)ip的節(jié)點(diǎn)中
?
?
這樣的話,就在3臺(tái)主機(jī)前臺(tái)啟動(dòng)了consul程序。
?
可以在任一臺(tái)主機(jī)上執(zhí)行:
consul members?列出當(dāng)前集群的節(jié)點(diǎn)狀態(tài)
?
consul info??列出當(dāng)前集群的節(jié)點(diǎn)詳細(xì)信息? (輸出信息太多,自己運(yùn)行時(shí)候看去吧)
?
訪問(wèn)consul自帶的web界面
http://192.168.5.71/upstream_show?(3個(gè)節(jié)點(diǎn)都開(kāi)了webui,因此我們?cè)L問(wèn)任意節(jié)點(diǎn)都行)
?
?
?
在任一節(jié)點(diǎn)上執(zhí)行如下命令,即可添加2個(gè)key-value信息:
curl -X PUT -d '{"weight":10, "max_fails":2, "fail_timeout":10, "down":0}' http://192.168.5.71:8500/v1/kv/upstreams/pic_backend/192.168.5.71:80
curl -X PUT -d '{"weight":10, "max_fails":2, "fail_timeout":10, "down":0}' http://192.168.5.71:8500/v1/kv/upstreams/pic_backend/192.168.5.73:80
?
在web界面,就可看到如下所示:
?
?
刪除的命令是:
curl -X DELETE http://192.168.5.71:8500/v1/kv/upstreams/pic_backend/192.168.5.71:80
curl -X DELETE http://192.168.5.71:8500/v1/kv/upstreams/pic_backend/192.168.5.73:80
?
?
調(diào)整后端服務(wù)的參數(shù):
curl -X PUT -d '{"weight":10, "max_fails":2, "fail_timeout":10, "down":0}' http://192.168.5.71:8500/v1/kv/upstreams/test/192.168.5.71:80
?
?
4、測(cè)試consul+nginx調(diào)度
在node1、node2、node3上都執(zhí)行?/usr/local/nginx/sbin/nginx?啟動(dòng)nginx服務(wù)
?
訪問(wèn)http://192.168.5.72/upstream_show
?
訪問(wèn)http://192.168.5.72/upstream_status
?
剛才我們?cè)诘谌降臅r(shí)候,執(zhí)行了如下2條命令,自動(dòng)在consul里面加了2行內(nèi)容。
curl -X PUT -d '{"weight":10, "max_fails":2, "fail_timeout":10, "down":0}' http://192.168.5.71:8500/v1/kv/upstreams/pic_backend/192.168.5.71:80
curl -X PUT -d '{"weight":10, "max_fails":2, "fail_timeout":10, "down":0}' http://192.168.5.71:8500/v1/kv/upstreams/pic_backend/192.168.5.73:80
?
我們node2的nginx在啟動(dòng)的時(shí)候,會(huì)去nginx.conf里面配置的consul地址去尋找對(duì)應(yīng)的upstream信息。同時(shí)會(huì)dump一份upstream的配置到/usr/local/nginx/conf/servers目錄下。
[root@node72 /usr/local/nginx/conf/servers ]# cat servers_pic_backend.conf
server 192.168.5.73:80 weight=10 max_fails=2 fail_timeout=10s;
server 192.168.5.71:80 weight=10 max_fails=2 fail_timeout=10s;
?
?
我們可以寫(xiě)個(gè)curl腳本測(cè)試下,如下
for i in {1..100} ;do curl http://192.168.5.72/; done > /root/log
grep -c node71 /root/log ;grep -c node73 /root/log
可以看到curl是輪詢請(qǐng)求到后端的node1和node3上去的。
或者使用for i in {1..100} ;do curl -s -I http://192.168.5.72/|tail -2 |head -1; done
?
如果要下線后端主機(jī)進(jìn)行發(fā)布的話,只要把down參數(shù)置為1即可,類似如下:
curl -X PUT -d '{"weight":2, "max_fails":2, "fail_timeout":10, "down":1}'? http://192.168.5.71:8500/v1/kv/upstreams/test/192.168.5.73:80
?
如果發(fā)布完成并驗(yàn)證后,需要上線,可以再次把down參數(shù)置為0:
curl -X PUT -d '{"weight":2, "max_fails":2, "fail_timeout":10, "down":0}'? http://192.168.5.71:8500/v1/kv/upstreams/test/192.168.5.73:80
?
?
如果調(diào)整在線調(diào)整后端服務(wù)的upstream參數(shù):
curl -X PUT -d '{"weight":2, "max_fails":2, "fail_timeout":10, "down":0}' ?http://192.168.5.71:8500/v1/kv/upstreams/test/192.168.5.73:80
?
?
?
?
說(shuō)明:
1、每次去拉取?consul?都會(huì)設(shè)置連接超時(shí),由于?consul?在無(wú)更新的情況下默認(rèn)會(huì)?hang?五分鐘,所以響應(yīng)超時(shí)配置時(shí)間應(yīng)大于五分鐘。大于五分鐘之后,consul?依舊沒(méi)有返回,便直接做超時(shí)處理。
2、由于upsync模塊會(huì)在pull新數(shù)據(jù)時(shí)候,自動(dòng)在本地存一份upstream配置的副本。因此即便我們上面的3個(gè)consul進(jìn)程全部宕掉了,nginx服務(wù)短時(shí)間內(nèi)也不會(huì)受到影響。只要我們的監(jiān)控完善及時(shí)將consul進(jìn)程啟動(dòng)即可。
?
?
?
此外,還可使用nginx +consulconsul-template這種架構(gòu)來(lái)控制nginx的配置
?
具體可以參考:
https://www.jianshu.com/p/9976e874c099
https://www.jianshu.com/p/a4c04a3eeb57?utm_campaign=maleskine&utm_content=note&utm_medium=seo_notes&utm_source=recommendation
https://www.cnblogs.com/MrCandy/p/7152312.html
https://github.com/hashicorp/consul-template?
官方提供的nginx參考模板:https://github.com/hashicorp/consul-template/blob/master/examples/nginx.md
總結(jié)
以上是生活随笔為你收集整理的nginx+upsync+consul 构建动态nginx配置系统的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: Nginx容器动态流量管理方案-ngin
- 下一篇: 开源系统管理资源大合辑