增加xpack安全认证后日志一直打印 elastic 用户认证失败
AnswerI 回复了问题 • 2 人关注 • 1 个回复 • 4643 次浏览 • 2021-01-21 16:37
性能爆表!INFINI Gateway 性能与压力测试结果
liugq 发表了文章 • 3 个评论 • 5971 次浏览 • 2020-12-09 15:37
本文主要是分享下对 INFINI Gateway 的压测过程,使用graphite观测压力测试qps的过程。如有什么错漏的地方,还请多多包涵,不多逼逼,进入正题
硬件配置
主机|型号|CPU|内存/带宽|系统
--|--|--|--|--:
172.31.18.148(gateway1)|aws c5a.8xlarge|x86 32核|64G/10G|Ubuntu 20.04.1 LTS
172.31.24.102(gateway2)|aws c6g.8xlarge|arm 32核|64G/10G|Ubuntu 20.04.1 LTS
172.31.23.133(test)|aws c5a.8xlarge|x86 32核|64G/10G|Ubuntu 20.04.1 LTS
测试准备
系统调优(所有节点)
修改系统参数
vi /etc/sysctl.conf
```
net.netfilter.nf_conntrack_max = 262144
net.nf_conntrack_max = 262144
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_nonlocal_bind=1
fs.file-max=10485760
net.core.rmem_max=4194304
net.core.wmem_max=4194304
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_timestamps=1
net.core.somaxconn=32768
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=65535
net.ipv4.tcp_synack_retries=0
net.core.netdev_max_backlog=65535
net.core.rmem_max=4194304
net.core.wmem_max=4194304
修改默认的本地端口范围
net.ipv4.ip_local_port_range='1024 65535'
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_timestamps=1
```
保存并执行 sysctl -p
修改用户单进程的最大文件数,
用户登录时生效
<br /> echo '* soft nofile 1048576' >> /etc/security/limits.conf <br /> echo '* hard nofile 1048576' >> /etc/security/limits.conf <br />
用户单进程的最大文件数 当前会话生效
ulimit -n 1048576
安装docker,graphite(gateway 安装)
<br /> sudo apt-get update<br /> sudo apt-get install docker.io<br /> docker run -d --name graphite --restart=always -p 80:80 -p 2003-2004:2003-2004 -p 2023-2024:2023-2024 -p 8125:8125/udp -p 8126:8126 graphiteapp/graphite-statsd<br />
下载安装gateway
下载最新版infini-gateway([https://github.com/medcl/infini-gateway/releases](https://github.com/medcl/infini-gateway/releases)),下载后无需安装即可使用
修改配置文件
解压后将gateway.yml配置文件修改成如下:
```
path.data: data
path.logs: log
entry:
- name: es_gateway #your gateway endpoint
enabled: true
router: not_found #configure your gateway's routing flow
network:
binding: 0.0.0.0:8000
skip_occupied_port: false
reuse_port: true #you can start multi gateway instance, they share same port, to full utilize system's resources
tls:
enabled: false #if your es is using https, the gateway entrypoint should enable https too
flow: - name: not_found #testing flow
filter:
- name: not_found
type: echo
parameters:
str: '{"message":"not found"}'
repeat: 1
- name: not_found
- name: cache_first
filter: #comment out any filter sections, like you don't need cache or rate-limiter
- name: get_cache_1
type: get_cache
parameters:
pass_patterns: ["_cat","scroll", "scroll_id","_refresh","_cluster","_ccr","_count","_flush","_ilm","_ingest","_license","_migration","_ml","_rollup","_data_stream","_open", "_close"]
hash_factor:
header:
- "*"
path: true
query_args:
- id
must_cache:
method:
- GET
path:
- _search
- _async_search
- name: rate_limit_1
type: rate_limit
parameters:
message: "Hey, You just reached our request limit!"
rules: #configure match rules against request's PATH, eg: /_cluster/health, match the first rule and return
- pattern: "/(?P
medcl)/_search" #use index name, will match: /medcl/_search, with limit medcl with max_qps ~=3
max_qps: 3 #setting max qps after match
group: index_name #use regex group name to extract the throttle bucket name - pattern: "/(?P
.*?)/_search" #use regex pattern to match index, will match any /$index/_search, and limit each index with max_qps ~=100
max_qps: 100
group: index_name
- pattern: "/(?P
- name: elasticsearch_1
type: elasticsearch
parameters:
elasticsearch: default #elasticsearch configure reference name
max_connection: 1000 #max tcp connection to upstream, default for all nodes
max_response_size: -1 #default for all nodes
balancer: weight
discovery:
enabled: true - name: set_cache_1
type: set_cache
- name: get_cache_1
- name: request_logging
filter:
- name: request_header_filter
type: request_header_filter
parameters:
include:
CACHE: true - name: request_logging_1
type: request_logging
parameters:
queue_name: request_logging
router:
- name: request_header_filter
- name: default
tracing_flow: request_logging #a flow will execute after request finish
default_flow: cache_first
rules: #rules can't be conflicted with each other, will be improved in the future
- id: 1 # this rule means match every requests, and sent to
cache_first
flow
method:
- "*"
pattern: - /
flow: - cache_first # after match, which processing flow will go through
- "*"
- id: 1 # this rule means match every requests, and sent to
- name: not_found
default_flow: not_found
elasticsearch:
- name: default
enabled: false
endpoint: http://localhost:9200 # if your elasticsearch is using https, your gateway should be listen on as https as well
version: 7.6.0 #optional, used to select es adaptor, can be done automatically after connect to es
indexprefix: gateway
basic_auth: #used to discovery full cluster nodes, or check elasticsearch's health and versions
username: elastic
password: Bdujy6GHehLFaapFI9uf
statsd:
enabled: true
host: 127.0.0.1
port: 8125
namespace: gateway.
modules: - name: elastic
enabled: false
elasticsearch: default
init_template: true - name: pipeline
enabled: true
runners: - name: primary
enabled: true
max_go_routine: 1
threshold_in_ms: 0
timeout_in_ms: 5000
pipeline_id: request_logging_index
pipelines: - name: request_logging_index
start:
joint: json_indexing
enabled: false
parameters:
index_name: "gateway_requests"
elasticsearch: "default"
input_queue: "request_logging"
num_of_messages: 1
timeout: "60s"
worker_size: 6
bulk_size: 5000
process: []
queue:
min_msg_size: 1
max_msg_size: 500000000
max_bytes_per_file: 5010241024*1024
sync_every_in_seconds: 30
sync_timeout_in_seconds: 10
read_chan_buffer: 0
```
开始测试
本文中使用的压测工具http-loader,见附件
为了能充分利用服务器多核资源,测试的时候直接启用多个进程压测x86 gateway服务器
在gateway1上启动五个gateway
<br /> ./gateway-amd64&<br /> ./gateway-amd64&<br /> ./gateway-amd64&<br /> ./gateway-amd64&<br /> ./gateway-amd64&<br />
测试gateway返回内容
curl <a href="http://172.31.18.148:8000" rel="nofollow" target="_blank">http://172.31.18.148:8000</a>
输出
{"message":"not found"}
在gateway2,test机上同时执行(1000个并发压测10分钟)
<br /> ./http-loader -c 1000 -d 600 <a href="http://172.31.18.148:8000" rel="nofollow" target="_blank">http://172.31.18.148:8000</a><br />
观测gateway1服务器指标
使用htop
查看系统负载情况,如下图:
这里我们看到cpu基本跑满,说明gateway已经压到极限了
使用iftop
查看系统网络流量情况,如下图:
使用netstat,ss查看tcp连接数,如下图:
<br /> sudo netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'<br /> ss -s<br />
查看graphite statsd qps指标,如下图:
压测arm gateway服务器
在gateway2上启动五个gateway
<br /> ./gateway-arm64&<br /> ./gateway-arm64&<br /> ./gateway-arm64&<br /> ./gateway-arm64&<br /> ./gateway-arm64&<br />
测试gateway返回内容
curl <a href="http://172.31.18.148:8000" rel="nofollow" target="_blank">http://172.31.18.148:8000</a>
输出
<br /> {"message":"not found"}<br />
在gateway1,test机上同时执行(1000个并发压测10分钟)
<br /> ./http-loader -c 1000 -d 600 <a href="http://172.31.18.148:8000" rel="nofollow" target="_blank">http://172.31.18.148:8000</a><br />
观测gateway2服务器指标
使用htop
查看系统负载情况,如下图:
使用iftop
查看系统网络流量情况,如下图:
使用netstat,ss查看tcp连接数,如下图:
<br /> sudo netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'<br /> ss -s<br />
查看graphite statsd qps指标,如下图:
这里我们可以看到qps基本稳定在125万的qps压测总结
单机压测x86架构机器上能达到95多万的qps, arm架构机器上能达到125万的qps,可见性能还是非常优秀的。由于文章篇幅原因,gateway单进程的压测就不贴了,有兴趣的同学可以自己下载测试下。
- name: default
极限网关 INFINI Gateway 初体验
liaosy 发表了文章 • 3 个评论 • 7830 次浏览 • 2020-12-09 00:57
下载
下载地址:https://github.com/medcl/infini-gateway/releases
找到当前最新版1.1.0_SNAPSHOT
根据自己的操作系统环境选择相应的包下载,本人用的是Macbook,选择了GATEWAY-darwin64.tar.gz
#切换该路径下(路径自定)
cd /Users/shiyang/code/elastic/gateway
#下载
wget https://github.com/medcl/infin ... ar.gz
#下载完后解压
tar -zxvf GATEWAY-darwin64.tar.gz
#解压后能看到两个新文件,一个可执行二进制文件,一个yml配置文件
ls
#gateway-darwin64 gateway.yml
安装部署
在run之前需要先运行elastisearch,否则会报错,如图所示:
接下来先启动es集群(如果你本地还没有部署es,建议先参考官网的es安装教程下载部署)
本机用的es版本为7.9.0,如下图表示启动es成功:
接下来再启动gateway,yml配置文件可以先默认,后续可根据需要再修改。
#启动
./gateway-darwin64
启动成功如下图所示:
成功启动后,我们就可以直接访问gateway了。
curl http://0.0.0.0:8000
到此,gateway就算本地部署完毕了。
是不是很简单?嗯,下载即使用,简单方便。
(接下来可以试用一下gateway的特性了。将发布在下一篇文章。)
从零基础到能够完成微服务可观测性的专家 - Service Map 实践
liuxg 发表了文章 • 0 个评论 • 1285 次浏览 • 2020-12-08 16:33
es7.8脚本更新字段,字段名中可以带有短横线“-”么?
pony_maggie 回复了问题 • 2 人关注 • 1 个回复 • 2102 次浏览 • 2020-12-08 19:06
es三个节点,使用x-pack监控,kibana显示,两个能监控到,一个监控不到
回复fengmh1996 发起了问题 • 1 人关注 • 0 个回复 • 2052 次浏览 • 2020-12-05 12:42
ES 偶发性慢查询 不是GC问题 或者 内存问题
FFFrp 回复了问题 • 2 人关注 • 1 个回复 • 1550 次浏览 • 2020-12-05 09:07
es 跨集群增量同步数据
laoyang360 回复了问题 • 3 人关注 • 1 个回复 • 3003 次浏览 • 2020-12-07 13:19
elasticsearch7.9.3 java高级客户端 查询 中文转义问题造成无法查询到结果
回复huanghui 发起了问题 • 0 人关注 • 0 个回复 • 3757 次浏览 • 2020-12-03 21:14
请教各位大佬,怎么查看索引处于ILM索引生命周期中的那个阶段
waywu 回复了问题 • 2 人关注 • 1 个回复 • 1591 次浏览 • 2020-12-03 17:55