Orchestrator RAFT Leader Check with Proxy pass with Basic Auth Using Nginx



Recently we have setup Orchestrator in High Availability mode using RAFT. We are running a 3 node setup in which there used to be a leader and rest 2 are Healthy raft member.


So To access orchestrator service we may only speak to the leader node using /api/leader-check as HTTP health check for our proxy. This url returns http 200 on leader and 404 on members. So using below code in open nginx we have setup http health check with basic auth.
Prerequisite: Lua support should be enabled in nginx.
Below code is to define upstreams with healthcheck: 
upstream orchestrator {
      server 10.xx.xx.35:3000 max_fails=2;
      server 10.xx.xx.37:3000 max_fails=2;
      server 10.xx.xx.40:3000 max_fails=2;
    }

    lua_shared_dict myhealthcheck 1m;
    lua_socket_log_errors off;
    include /etc/nginx/lua/active_health_checks.lua;
Lua Script for health check: 
Before creating script we will need a hash with base64 encoding below is the command to create it:
echo -n 'user:password' | base64
Lua script defined in HealthCheck: /etc/nginx/lua/active_health_checks.lua 
init_worker_by_lua_block {
        local hc = require "resty.upstream.healthcheck"

        local ok, err = hc.spawn_checker{
            shm = "myhealthcheck",  -- defined by "lua_shared_dict"
            upstream = "orchestrator", -- defined by "upstream"
            type = "http",

            http_req = "GET /api/leader-check HTTP/1.0\r\nHost: orchestrator.domain.com\r\nAuthorization: Basic {output of command}\r\n\r\n",
            interval = 3000,  -- run the check cycle every 3 sec
            timeout = 3000,   -- 3 sec is the timeout for network operations
            fall = 3,  -- # of successive failures before turning a peer down
            rise = 2,  -- # of successive successes before turning a peer up
            valid_statuses = {200, 302, 301},  -- a list valid HTTP status code
            concurrency = 10,  -- concurrency level for test requests
        }
        if not ok then
            ngx.log(ngx.ERR, "failed to spawn health checker: ", err)
            return
        end
    }
Note: I am quite new to Nginx So I would love to see comments in improving it.

Comments

  1. Shlomi NoachJune 5, 2020 at 5:37 PM

    Looks good! (Though I'm not very knowledgeable about Nginx and Lua).
    It's worth noting that in a Raft setup, even if you do happen to make a request to a non-leader node, the node you communicate with will forward the request to the leader. This works when the node you communicate with can _see_ the leader. It's best to communicate to the leader directly.

    ReplyDelete
    Replies
    1. Ankit KumarJune 6, 2020 at 4:26 PM

      Thanks much for the clarification! Please keep guiding us.

      Delete
  2. bhanu sreeeDecember 19, 2020 at 11:55 AM

    It is so nice blog. I was really satisfied by seeing this blog.
    Workday Integration Course India
    Workday Online Integration Course Hyderabad

    ReplyDelete

Post a Comment

Popular posts from this blog

Shell/Bash Commands Execution from MySQL Client or Stored Procedure/function

Image
Today I am going to explain ways to execute shell or bash commands from mysql clients or stored procedure and function. There are basically 2 method to do so: Method 1: Use MySQL Client inbuilt feature  To run single command: \! command or system command. eg \! uptime or system command  To get terminal \! bash or \! sh Method 2: Deploy external plugin ( lib_mysqludf_sys ) Step 1: Download lib_mysqludf_sys from github: git clone https://github.com/mysqludf/lib_mysqludf_sys.git Step 2: Install libmysqlclient15-dev, for Ubuntu you can use: apt-get install libmysqlclient15-dev Step 3: Note down o/p of: mysql -uroot -pxxxx -e "select @@plugin_dir;" Step 4: Change directory to git clone dir. cd lib_mysqludf_sys/ Step 5: Compile and put plugin in plugin dir gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o {value from step 3}lib_mysqludf_sys.so -fPIC Step 6: Create necessary functions for lib_mysqludf_sys: mysql -uroo
Read more

How to remove/deregister an instance from PMM?

Image
We all need a monitoring system like pmm to monitor our database. Let me give a brief about how pmm works. So PMM uses prometheus to store metrics/graphs and grafana to display them. As seen in the architecture diagram prometheus uses consul to get the list of host to scrap metrics. More information on architecture and installation are available in docs. We were facing issues related to down hosts and if setup alerts in grafana for down host and host is terminated it continuously throws alerts. So problem was how can we remove/deregister instances from pmm. We can access consul UI using below link: http://PMM-SERVER/consul/#/dc1/ Previously there was option available on this ui to deregister host. while in the new releases of consul it has been removed see link . But now we can use below procedure from command line to deregister hosts from consul. Get list of nodes: curl -s 'http://USER:PASSWORD@PMM-SERVER-IP/v1/internal/ui/nodes?dc=dc1' | python -mjso
Read more

MySQL: How to monitor MySQL Replication Lag in MilliSeconds With PMM and pt-heartbeat

Image
There could be various requirements at application end which need realtime slaves. Let me introduce a solution to a problem we used to face how can we monitor whether our slaves are real time or they are lagging in Milliseconds. Unfortunately there is no built in feature in MySQL to get Replication Lag in MilliSeconds. Perhaps there is a tool provisioned in pt-toolkit named as pt-heartbeat . It generates heartbeat events on master and monitoring system can monitor time difference on slave to calculate lag. How to deploy pt-heartbeat in your environment (Assuming OS as UBUNTU xx.xx): Step 1: Download pt-heartbeat using below command. wget http://percona.com/get/pt-heartbeat -P /usr/bin/ && chmod +x /usr/bin/pt-heartbeat Step 2: It requires a database where it can create a table. Let's create it on master. mysql -uUser -pPassword -e "create database if not exists percona;" Step 3: Create heartbeat table in percona db. pt-heartbeat -D percon
Read more