Orchestrator RAFT Leader Check with Proxy pass with Basic Auth Using Nginx



Recently we have setup Orchestrator in High Availability mode using RAFT. We are running a 3 node setup in which there used to be a leader and rest 2 are Healthy raft member.


So To access orchestrator service we may only speak to the leader node using /api/leader-check as HTTP health check for our proxy. This url returns http 200 on leader and 404 on members. So using below code in open nginx we have setup http health check with basic auth.
Prerequisite: Lua support should be enabled in nginx.
Below code is to define upstreams with healthcheck: 
upstream orchestrator {
      server 10.xx.xx.35:3000 max_fails=2;
      server 10.xx.xx.37:3000 max_fails=2;
      server 10.xx.xx.40:3000 max_fails=2;
    }

    lua_shared_dict myhealthcheck 1m;
    lua_socket_log_errors off;
    include /etc/nginx/lua/active_health_checks.lua;
Lua Script for health check: 
Before creating script we will need a hash with base64 encoding below is the command to create it:
echo -n 'user:password' | base64
Lua script defined in HealthCheck: /etc/nginx/lua/active_health_checks.lua 
init_worker_by_lua_block {
        local hc = require "resty.upstream.healthcheck"

        local ok, err = hc.spawn_checker{
            shm = "myhealthcheck",  -- defined by "lua_shared_dict"
            upstream = "orchestrator", -- defined by "upstream"
            type = "http",

            http_req = "GET /api/leader-check HTTP/1.0\r\nHost: orchestrator.domain.com\r\nAuthorization: Basic {output of command}\r\n\r\n",
            interval = 3000,  -- run the check cycle every 3 sec
            timeout = 3000,   -- 3 sec is the timeout for network operations
            fall = 3,  -- # of successive failures before turning a peer down
            rise = 2,  -- # of successive successes before turning a peer up
            valid_statuses = {200, 302, 301},  -- a list valid HTTP status code
            concurrency = 10,  -- concurrency level for test requests
        }
        if not ok then
            ngx.log(ngx.ERR, "failed to spawn health checker: ", err)
            return
        end
    }
Note: I am quite new to Nginx So I would love to see comments in improving it.

Comments

  1. Shlomi NoachJune 5, 2020 at 5:37 PM

    Looks good! (Though I'm not very knowledgeable about Nginx and Lua).
    It's worth noting that in a Raft setup, even if you do happen to make a request to a non-leader node, the node you communicate with will forward the request to the leader. This works when the node you communicate with can _see_ the leader. It's best to communicate to the leader directly.

    ReplyDelete
    Replies
    1. Ankit KumarJune 6, 2020 at 4:26 PM

      Thanks much for the clarification! Please keep guiding us.

      Delete
  2. bhanu sreeeDecember 19, 2020 at 11:55 AM

    It is so nice blog. I was really satisfied by seeing this blog.
    Workday Integration Course India
    Workday Online Integration Course Hyderabad

    ReplyDelete

Post a Comment

Popular posts from this blog

Shell/Bash Commands Execution from MySQL Client or Stored Procedure/function

Image
Today I am going to explain ways to execute shell or bash commands from mysql clients or stored procedure and function. There are basically 2 method to do so: Method 1: Use MySQL Client inbuilt feature  To run single command: \! command or system command. eg \! uptime or system command  To get terminal \! bash or \! sh Method 2: Deploy external plugin ( lib_mysqludf_sys ) Step 1: Download lib_mysqludf_sys from github: git clone https://github.com/mysqludf/lib_mysqludf_sys.git Step 2: Install libmysqlclient15-dev, for Ubuntu you can use: apt-get install libmysqlclient15-dev Step 3: Note down o/p of: mysql -uroot -pxxxx -e "select @@plugin_dir;" Step 4: Change directory to git clone dir. cd lib_mysqludf_sys/ Step 5: Compile and put plugin in plugin dir gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o {value from step 3}lib_mysqludf_sys.so -fPIC Step 6: Create necessary functions for lib_mysqludf_sys: mysql -uroo...
Read more

Azure VM Application Consistent MySQL DB Disk Snapshots

Image
Backup of Database is the pillar of our system which is necessary and mandatory to provide us data incase of crash, new machine provisioning and many other scenarios listed here .  As part of the backup process, a snapshot is taken, and the data is transferred to the Recovery Services vault with no impact on production workloads. The snapshot provides different levels of consistency, as described below: 1. Application-consistent: App-consistent backups capture memory content and pending I/O operations. App-consistent snapshots use a VSS writer (or pre/post scripts for Linux) to ensure the consistency of the app data before a backup occurs. When you're recovering a VM with an app-consistent snapshot, the VM boots up. There's no data corruption or loss. The apps start in a consistent state. 2. File-system consistent: File-system consistent backups provide consistency by taking a snapshot of all files at the same time. When you're recovering a VM with a file-system cons...
Read more

How to remove/deregister an instance from PMM?

Image
We all need a monitoring system like pmm to monitor our database. Let me give a brief about how pmm works. So PMM uses prometheus to store metrics/graphs and grafana to display them. As seen in the architecture diagram prometheus uses consul to get the list of host to scrap metrics. More information on architecture and installation are available in docs. We were facing issues related to down hosts and if setup alerts in grafana for down host and host is terminated it continuously throws alerts. So problem was how can we remove/deregister instances from pmm. We can access consul UI using below link: http://PMM-SERVER/consul/#/dc1/ Previously there was option available on this ui to deregister host. while in the new releases of consul it has been removed see link . But now we can use below procedure from command line to deregister hosts from consul. Get list of nodes: curl -s 'http://USER:PASSWORD@PMM-SERVER-IP/v1/internal/ui/nodes?dc=dc1' | python -mjso...
Read more