配置和使用NGINX Plus的状态同步
发表于2020-12-08 18:51
浏览 1.5k
简介
如果多个NGINX Plus实例组织在一个集群中,它们之间可以共享一些状态数据,包括:
•会话保持信息
•请求限制,request limiting
•键值存储,Key-Value存储
所有NGINX Plus实例都可以与集群中的所有其他成员交换状态数据,前提是共享内存区域在所有集群成员上具有相同的名称,这一点可以通过配置同步来实现。
状态同步对于NGINX集群的运作有着重要的意义,用户请求无论到达哪个NGINX实例,都将遵循相同的转发和处理策略,维持了会话的持续性,降低了应用设计的复杂度,同时也节约了运维成本。
下面简单介绍一下如何配置和使用状态同步。
1. 配置NGINX状态同步。
stream {
# Example configuration for TCP load balancing
resolver 10.1.10.100 status_zone=resolver-stream;
keyval_zone zone=kv_stream:32k state=/var/lib/nginx/state/kv_stream.keyval timeout=1d sync;
keyval kv_stream_demo $name zone=kv_stream;
# Server for zone sync
server {
zone_sync;
listen 9000;
zone_sync_server cluster.nginxdemo.com:9000 resolve;
#zone_sync_server 10.1.10.30:9000;
#zone_sync_server 10.1.10.31:9000;
}
}在stream配置中增加zone_sync、zone_sync_server的相关配置,可以使用DNS方式动态获取集群中实例的地址,亦可直接配置每一实例的IP地址。在上述示例中,我们使用DNS解析的方式。
[root@centos30 ~]# dig @10.1.10.100 cluster.nginxdemo.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.2 <<>> @10.1.10.100 cluster.nginxdemo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37025
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cluster.nginxdemo.com. IN A
;; ANSWER SECTION:
cluster.nginxdemo.com. 30 IN A 10.1.10.30
cluster.nginxdemo.com. 30 IN A 10.1.10.31
;; AUTHORITY SECTION:
nginxdemo.com. 86400 IN NS ns1.nginxdemo.com.
;; ADDITIONAL SECTION:
ns1.nginxdemo.com. 600 IN A 10.1.10.31
ns1.nginxdemo.com. 600 IN A 10.1.10.30
;; Query time: 0 msec
;; SERVER: 10.1.10.100#53(10.1.10.100)
;; WHEN: 六 12月 05 20:54:13 CST 2020
;; MSG SIZE rcvd: 132
[root@centos30 ~]#完成配置后,重新load NGINX配置,检查实例间是否建立连接。
[root@centos30 ~]#
[root@centos30 ~]# netstat -anp | grep nginx
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 73748/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 73748/nginx: master
tcp 0 0 10.1.10.30:48038 10.1.10.31:9000 ESTABLISHED 82919/nginx: worker
tcp 0 0 10.1.10.30:9000 10.1.10.31:35072 ESTABLISHED 82920/nginx: worker
udp 0 0 10.1.10.30:48679 10.1.10.100:53 ESTABLISHED 82919/nginx: worker
udp 0 0 10.1.10.30:37455 10.1.10.100:53 ESTABLISHED 82919/nginx: worker
unix 3 [ ] STREAM CONNECTED 299863 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299865 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299862 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299864 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299866 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299868 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299869 73748/nginx: master
unix 3 [ ] STREAM CONNECTED 299867 73748/nginx: master
[root@centos30 ~]#
[root@centos31 ~]#
[root@centos31 ~]#
[root@centos31 ~]# netstat -anp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 98614/nginx: master
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 98614/nginx: master
tcp 0 0 10.1.10.31:35072 10.1.10.30:9000 ESTABLISHED 98615/nginx: worker
tcp 0 0 10.1.10.31:9000 10.1.10.30:48038 ESTABLISHED 98616/nginx: worker
udp 0 0 10.1.10.31:56166 10.1.10.100:53 ESTABLISHED 98615/nginx: worker
udp 0 0 10.1.10.31:42241 10.1.10.100:53 ESTABLISHED 98615/nginx: worker
unix 3 [ ] STREAM CONNECTED 356394 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356395 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356388 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356392 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356391 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356393 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356390 98614/nginx: master
unix 3 [ ] STREAM CONNECTED 356389 98614/nginx: master
[root@centos31 ~]#上面的示例可见,两台NGINX之间已经通过9000端口建立连接。
查看NGINX日志。
[root@centos31 ~]# tail -f /var/log/nginx/error.log
2020/12/05 19:04:46 [notice] 98615#98615: *5 node is online, node: 10.1.10.31
2020/12/05 19:04:46 [notice] 98615#98615: *5 zone "keyval_backup" done while sending snapshots, node: 10.1.10.31
2020/12/05 19:04:46 [notice] 98615#98615: *5 zone "kv_stream" done while sending snapshots, node: 10.1.10.31
2020/12/05 19:04:46 [notice] 98617#98617: *7 detected local connection id, closing, client: 10.1.10.31, server: 0.0.0.0:9000
2020/12/05 19:04:46 [notice] 98615#98615: *5 node is offline: ignore self, node: 10.1.10.31
2020/12/05 19:04:46 [notice] 98615#98615: *6 connected to peer "10.1.10.30", node: 10.1.10.30
2020/12/05 19:04:46 [notice] 98615#98615: *6 node is online, node: 10.1.10.30
2020/12/05 19:04:46 [notice] 98615#98615: *6 zone "keyval_backup" done while sending snapshots, node: 10.1.10.30
2020/12/05 19:04:46 [notice] 98615#98615: *6 zone "kv_stream" done while sending snapshots, node: 10.1.10.30
2020/12/05 19:04:47 [notice] 98616#98616: *9 accepted client 10.1.10.30, client: 10.1.10.30, server: 0.0.0.0:9000
^C
[root@centos31 ~]#2. 配置Key/Value进行验证。
我们在stream中增加了一个用于验证测试的Key/Value存储。
keyval_zone zone=kv_stream:32k state=/var/lib/nginx/state/kv_stream.keyval timeout=1d sync;
keyval kv_stream_demo $name zone=kv_stream;3. 通过API对Key/Value进行存取操作,验证状态是否同步。
3.1 API操作前的状态记录
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.30/api/6/stream/keyvals/kv_stream" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 93 100 93 0 0 93000 0 --:--:-- --:--:-- --:--:-- 93000
{
"key1": "value1",
"key100": "value100",
"key200": "value200",
"key110": "value110",
"key2": "value2"
}
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.31/api/6/stream/keyvals/kv_stream" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 93 100 93 0 0 93000 0 --:--:-- --:--:-- --:--:-- 93000
{
"key1": "value1",
"key100": "value100",
"key200": "value200",
"key110": "value110",
"key2": "value2"
}
SGI-ML-00005332:~ xiong$两个NGINX实例中KV状态一致。
3.2 通过API向10.1.10.30中增加一个记录, "key130": "value130"
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X POST "http://10.1.10.30/api/6/stream/keyvals/kv_stream" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"key130\": \"value130\"}" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 23 0 0 100 23 0 23000 --:--:-- --:--:-- --:--:-- 23000
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.30/api/6/stream/keyvals/kv_stream" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 113 100 113 0 0 110k 0 --:--:-- --:--:-- --:--:-- 110k
{
"key1": "value1",
"key100": "value100",
"key200": "value200",
"key110": "value110",
"key130": "value130",
"key2": "value2"
}
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.31/api/6/stream/keyvals/kv_stream" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 113 100 113 0 0 110k 0 --:--:-- --:--:-- --:--:-- 110k
{
"key1": "value1",
"key100": "value100",
"key200": "value200",
"key110": "value110",
"key130": "value130",
"key2": "value2"
}
SGI-ML-00005332:~ xiong$可以看到10.1.10.31中也同步增加了一条相同的记录。
3.3 通过API向10.1.10.31中增加一个记录, "key131": "value131"
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X POST "http://10.1.10.31/api/6/stream/keyvals/kv_stream" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"key131\": \"value131\"}" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 23 0 0 100 23 0 23000 --:--:-- --:--:-- --:--:-- 23000
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.31/api/6/stream/keyvals/kv_stream" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 133 100 133 0 0 129k 0 --:--:-- --:--:-- --:--:-- 129k
{
"key131": "value131",
"key1": "value1",
"key100": "value100",
"key200": "value200",
"key110": "value110",
"key130": "value130",
"key2": "value2"
}
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.30/api/6/stream/keyvals/kv_stream" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 133 100 133 0 0 129k 0 --:--:-- --:--:-- --:--:-- 129k
{
"key131": "value131",
"key1": "value1",
"key100": "value100",
"key200": "value200",
"key110": "value110",
"key130": "value130",
"key2": "value2"
}
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$可以看到10.1.10.30中也同步增加了一条相同的记录。
3.4 查看同步统计信息
SGI-ML-00005332:~ xiong$
SGI-ML-00005332:~ xiong$ curl -X GET "http://10.1.10.30/api/6/stream/zone_sync/" -H "accept: application/json" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 205 100 205 0 0 200k 0 --:--:-- --:--:-- --:--:-- 200k
{
"status": {
"nodes_online": 1,
"msgs_in": 8,
"msgs_out": 14,
"bytes_in": 695,
"bytes_out": 1414
},
"zones": {
"keyval_backup": {
"records_total": 0,
"records_pending": 0
},
"kv_stream": {
"records_total": 7,
"records_pending": 0
}
}
}
SGI-ML-00005332:~ xiong$当然,也可以通过dashboard查看:
4. 总结
NGINX Plus可以轻松配置和使用状态同步,提升效能,降低成本,为大规模交付大并发、高吞吐、高可靠应用提供可有力的支撑。
已修改于2023-03-09 02:07
写下您的评论
全部评论(0)
按点赞数排序
按时间排序
相关文章
NGINX开源版本和商用版本的差异化对比
先从官方的对比图讲起:
其中NGINXPLUS一栏代表当前商用版本的功能/场景支持列表,NGINXOSS一栏代表社区开源版本的功能支持列表。
再从NGINX模块增强角度的对比图讲起:
其中新增的商业版本模块,是在原来开源模块基础上额外具备的,简单地说是商业版本独有的;其次,开源模块的增强部分,在商业版本里相比传统的开源模块,又做了些许优化与提升。
出处引用:https://www.nginx.com/products/nginx/#compare-versions
最后从NGINXController角度和社区开源版本的行业定制的对比图说起:
某行业基于开源版本的定制化视图:
NGINX官方部分摘录:
从这一系列的结构介绍里可以看出,NGINXController对部署的要求及NGINX服务的纳管情况,简单地说提供一个平台工具来定位用了哪些NGINX服务,NGINX服务的进程情况如何,NGINX相关监控指标运行情况等,相比某行业基于开源版的定制,一个是追求原味的呈现,另一个是更贴近客
点赞 1
浏览 1.3kNGINXPLUS提供了集群同步的脚本,可以实现集群中各实例的配置同步。具体的同步方法如下:l NGINXPLUS同步配置首先需要在被同步的从NGINXPLUS实例上配置针对主NGINXPLUS实例的免密SSH登录,配置方式如下:在主NGINXPLUS实例上生成本机的公钥和私钥:
ssh-keygen-trsa
这时,会在~/.ssh目录下生成文件将公钥发送到从NGINXPLUS实例上,发送成功后,会在从NGINXPLUS的~/.ssh下生成authorized_keys文件
ssh-cory-id-i
~/.ssh/id_rsa.pubroot@192.168.174.133(主NGINXPLUS的地址)
NGINXPlus通常部署在两个或更多设备的HA群集中。可以通过配置同步功能使管理员可以将配置从群集中的一台计算机(主服务器)推送到其对等服务器:在主NGINXPLUS上安装nginx-sync文件:yuminstallnginx-sync在主服务器上创建nginx-sync.conf配置文件:创建
点赞 0浏览 2k演示环境如上图所示,一台服务器上部署一个NGINXPlus实例,三个MySQL 容器集群,通过NGINXPlus实现MySQL集群的负载。1 安装NGINXPlus 检查NGINXPlus证书有效性:[root@centos32nginx]#[root@centos32nginx]#opensslx509-innginx-repo.crt-noout-datesnotBefore=Nov2807:39:372020GMTnotAfter=May2707:39:372021GMT[root@centos32nginx]#[root@centos32nginx]#[root@centos32nginx]#安装NGINXPlus:[root@centos32~]#[root@centos32~]#[root@centos32~]#systemctlstatusnginxUnitnginx.servicecouldnotbefound.
点赞 0浏览 1.4k
保持联系
微信公众号
加入微信群
开放 · 包容 · 沟通 · 贡献
Copyright © F5, Inc. All Rights Reserved. F5 版权所有
