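Preparing a Redis server replication configuration (master/replica) on OpenShift for IBM Application Gateway
Introduction
IBM Application Gateway can store session information in Redis, and the Redis server can be made redundant using several configuration patterns.
Because IBM Application Gateway does not support Redis Cluster, the choices are a standalone configuration, a master/replica configuration, or a Sentinel configuration.
For the Redis redundancy settings, I referred to this page: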
https://www.sraoss.co.jp/tech-blog/redis/redis-ha/
This time I tried to build a master/replica configuration based on the YAML from the Kubernetes guide.
Example: Deploying PHP Guestbook application with Redis
https://kubernetes.io/ja/docs/tutorials/stateless-application/guestbook/
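Sticking point 1: after changing the image, the replica side also runs as a master.
In the YAML files from the Kubernetes guide, the images are specified as follows:
Master: image: k8s.gcr.io/redis:e2e
Replica: image: gcr.io/google_samples/gb-redisslave:v3
When the image was changed to the Redis image on Docker Hub, the replica also started up as a master.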
https://hub.docker.com/_/redis
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-slave
  labels:
    app: redis
spec:
  selector:
    matchLabels:
      app: redis
      role: slave
      tier: backend
  replicas: 2
  template:
    metadata:
      labels:
        app: redis
        role: slave
        tier: backend
    spec:
      containers:
      - name: slave
        image: redis:latest
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: GET_HOSTS_FROM
          value: dns
        ports:
        - containerPort: 6379
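After reading the following article, I learned that Redis itself has to be configured in order to run as a replica.
Below are the YAML files for the master and the replica that were finally deployed.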
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-master
  labels:
    app: redis
spec:
  selector:
    matchLabels:
      app: redis
      role: master
      tier: backend
  replicas: 1
  template:
    metadata:
      labels:
        app: redis
        role: master
        tier: backend
    spec:
      containers:
      - name: master
        image: redis:latest
        command:
        - "redis-server"
        args:
        # Disable protected mode: non-loopback clients are accepted
        # even though no password is configured.
        - "--protected-mode"
        - "no"
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 6379
To make it run as a replica, the slaveof <master service name> <port> directive was added.
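apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-slave
  labels:
    app: redis
spec:
  selector:
    matchLabels:
      app: redis
      role: slave
      tier: backend
  replicas: 2
  template:
    metadata:
      labels:
        app: redis
        role: slave
        tier: backend
    spec:
      containers:
      - name: slave
        image: redis:latest
        command:
        - "redis-server"
        args:
        # Replicate from the redis-master Service on port 6379
        # (slaveof is the older name of replicaof).
        - "--slaveof"
        - "redis-master"
        - "6379"
        # Disable protected mode: non-loopback clients are accepted
        # even though no password is configured.
        - "--protected-mode"
        - "no"
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        # Carried over from the guide's gb-redisslave image;
        # the stock redis image does not read this variable.
        - name: GET_HOSTS_FROM
          value: dns
        ports:
        - containerPort: 6379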
The Service definitions are the same as in the Kubernetes guide.
apiVersion: v1
kind: Service
metadata:
  name: redis-master
  labels:
    app: redis
    role: master
    tier: backend
spec:
  ports:
  - port: 6379
    targetPort: 6379
  selector:
    app: redis
    role: master
    tier: backend
---
apiVersion: v1
kind: Service
metadata:
  name: redis-slave
  labels:
    app: redis
    role: slave
    tier: backend
spec:
  ports:
  - port: 6379
  selector:
    app: redis
    role: slave
    tier: backend
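Sticking point 2: the RDB file dump.rdb cannot be saved in the server root dir (/data); the error "Failed opening the RDB file dump.rdb (in server root dir /data) for saving: Permission denied" appears, and the master and replicas cannot synchronize.
The master's log showed that opening dump.rdb in the server root dir /data for saving failed with "Permission denied":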
1:M 06 Apr 2022 04:14:02.271 * Replica 172.30.169.41:6379 asks for synchronization
1:M 06 Apr 2022 04:14:02.271 * Full resync requested by replica 172.30.169.41:6379
1:M 06 Apr 2022 04:14:02.271 * Replication backlog created, my new replication IDs are 'a5cd3c705f8a0b324f44971ca6fc7d8043ce482b' and '0000000000000000000000000000000000000000'
1:M 06 Apr 2022 04:14:02.271 * Starting BGSAVE for SYNC with target: disk
1:M 06 Apr 2022 04:14:02.272 * Background saving started by pid 11
11:C 06 Apr 2022 04:14:02.272 # Failed opening the RDB file dump.rdb (in server root dir /data) for saving: Permission denied
1:M 06 Apr 2022 04:14:02.369 # Background saving error
1:M 06 Apr 2022 04:14:02.369 # Connection with replica 172.30.169.41:6379 lost.
1:M 06 Apr 2022 04:14:02.369 # SYNC failed. BGSAVE child returned an error
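Since this was a permissions problem, I checked which permissions were required and found that the anyuid Security Context Constraint (SCC) is needed.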
> oc get pods
NAME READY STATUS RESTARTS AGE
redis-master-84f49d559d-q678p 1/1 Running 0 8m31s
redis-slave-5f7bc5fb7c-d26f5 1/1 Running 0 7m38s
redis-slave-5f7bc5fb7c-psh4q 1/1 Running 0 7m38s
> oc get pod/redis-master-84f49d559d-q678p -o yaml|oc adm policy scc-subject-review -f -
RESOURCE ALLOWED BY
Pod/redis-master-84f49d559d-q678p anyuid
To achieve this, create a service account that has the anyuid SCC and assign it to the deployments.
> oc create serviceaccount redis-sa
serviceaccount/redis-sa created
> oc adm policy add-scc-to-user anyuid -z redis-sa
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:anyuid added: "redis-sa"
> oc describe serviceaccount redis-sa
Name: redis-sa
Namespace: test-redis
Labels: <none>
Annotations: <none>
Image pull secrets: redis-sa-dockercfg-q8w5d
Mountable secrets: redis-sa-token-sqcdj
redis-sa-dockercfg-q8w5d
Tokens: redis-sa-token-4llgf
redis-sa-token-sqcdj
Events: <none>
> oc set serviceaccount deployment/redis-master redis-sa
deployment.apps/redis-master serviceaccount updated
> oc describe deployment/redis-master |grep Service
Service Account: redis-sa
> oc set serviceaccount deployment/redis-slave redis-sa
deployment.apps/redis-slave serviceaccount updated
> oc describe deployment/redis-slave |grep Service
Service Account: redis-sa
With this setting in place, the error was resolved.
1:C 06 Apr 2022 04:27:53.749 # Configuration loaded
1:M 06 Apr 2022 04:27:53.751 * monotonic clock: POSIX clock_gettime
1:M 06 Apr 2022 04:27:53.752 * Running mode=standalone, port=6379.
1:M 06 Apr 2022 04:27:53.752 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 06 Apr 2022 04:27:53.752 # Server initialized
1:M 06 Apr 2022 04:27:53.753 * Ready to accept connections
1:M 06 Apr 2022 04:27:55.130 * Replica 172.30.115.4:6379 asks for synchronization
1:M 06 Apr 2022 04:27:55.130 * Full resync requested by replica 172.30.115.4:6379
1:M 06 Apr 2022 04:27:55.130 * Replication backlog created, my new replication IDs are '9d966da84bc748f7df876a47339d13ff678d045d' and '0000000000000000000000000000000000000000'
1:M 06 Apr 2022 04:27:55.130 * Starting BGSAVE for SYNC with target: disk
1:M 06 Apr 2022 04:27:55.130 * Background saving started by pid 11
11:C 06 Apr 2022 04:27:55.136 * DB saved on disk
11:C 06 Apr 2022 04:27:55.137 * RDB: 0 MB of memory used by copy-on-write
1:M 06 Apr 2022 04:27:55.164 * Background saving terminated with success
1:M 06 Apr 2022 04:27:55.164 * Synchronization with replica 172.30.115.4:6379 succeeded
1:M 06 Apr 2022 04:27:55.650 * Replica 172.30.169.41:6379 asks for synchronization
1:M 06 Apr 2022 04:27:55.650 * Full resync requested by replica 172.30.169.41:6379
1:M 06 Apr 2022 04:27:55.650 * Starting BGSAVE for SYNC with target: disk
1:M 06 Apr 2022 04:27:55.651 * Background saving started by pid 12
12:C 06 Apr 2022 04:27:55.654 * DB saved on disk
Check that /data/dump.rdb exists on the master Redis server and that two replicas are connected (connected_slaves).
> oc get pods
NAME READY STATUS RESTARTS AGE
redis-master-5c69db88c4-g6glq 1/1 Running 0 4m1s
redis-slave-6dcb7cdcd5-8lrl6 1/1 Running 0 3m49s
redis-slave-6dcb7cdcd5-pzxbm 1/1 Running 0 3m55s
PS C:\temp-openshift\iag> oc rsh redis-master-5c69db88c4-g6glq
# ls /data
dump.rdb
# redis-cli info replication
# Replication
role:master
connected_slaves:2
slave0:ip=172.30.169.42,port=6379,state=online,offset=350,lag=0
slave1:ip=172.30.115.19,port=6379,state=online,offset=350,lag=0
master_failover_state:no-failover
master_replid:9d966da84bc748f7df876a47339d13ff678d045d
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:350
second_repl_offset:-1
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:1
repl_backlog_histlen:350
Write test data on the master.
> redis-cli set aaa 111
OK
> redis-cli get aaa
"111"
The same checks are performed on the replica side.
master_link_status is up, so the connection to the master is established.
> oc get pods
NAME READY STATUS RESTARTS AGE
redis-master-5c69db88c4-g6glq 1/1 Running 0 7m40s
redis-slave-6dcb7cdcd5-8lrl6 1/1 Running 0 7m28s
redis-slave-6dcb7cdcd5-pzxbm 1/1 Running 0 7m34s
PS C:\temp-openshift\iag> oc rsh redis-slave-6dcb7cdcd5-8lrl6
# ls /data
dump.rdb
# redis-cli info replication
# Replication
role:slave
master_host:redis-master
master_port:6379
master_link_status:up
master_last_io_seconds_ago:9
master_sync_in_progress:0
slave_read_repl_offset:698
slave_repl_offset:698
slave_priority:100
slave_read_only:1
replica_announced:1
connected_slaves:0
master_failover_state:no-failover
master_replid:9d966da84bc748f7df876a47339d13ff678d045d
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:698
second_repl_offset:-1
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:15
repl_backlog_histlen:684
I confirmed that the test data registered on the master was synchronized to the replica.
> redis-cli get aaa
"111"
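The manual checks above (role, connected_slaves, master_link_status) can be scripted. The following is an added example, not part of the original post: the function names and the sample inputs are assumptions made for illustration, and the samples are constructed from the outputs shown above.

```bash
# Health checks over the text of `redis-cli info replication`, read from stdin.
# Print the value of field $1 (for example role or master_link_status).
info_field() {
  tr -d '\r' | awk -F: -v k="$1" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# check_master N: role must be master with exactly N replicas, all state=online.
check_master() {
  local info role count online
  info=$(cat)
  role=$(printf '%s\n' "$info" | info_field role)
  count=$(printf '%s\n' "$info" | info_field connected_slaves)
  online=$(printf '%s\n' "$info" | tr -d '\r' |
    awk '/^slave[0-9]+:/ && /state=online/ { n++ } END { print n + 0 }')
  [ "$role" = master ] || { echo "FAIL: role=$role, expected master"; return 1; }
  [ "$count" = "$1" ] || { echo "FAIL: connected_slaves=$count, expected $1"; return 1; }
  [ "$online" = "$1" ] || { echo "FAIL: $online of $1 replicas online"; return 1; }
  echo "OK: master with $count online replicas"
}

# check_replica HOST: role must be slave, pointed at HOST, link up, no sync pending.
check_replica() {
  local info role host link sync
  info=$(cat)
  role=$(printf '%s\n' "$info" | info_field role)
  host=$(printf '%s\n' "$info" | info_field master_host)
  link=$(printf '%s\n' "$info" | info_field master_link_status)
  sync=$(printf '%s\n' "$info" | info_field master_sync_in_progress)
  # A pod started without --slaveof (sticking point 1) reports role:master here.
  [ "$role" = slave ] || { echo "FAIL: role=$role, expected slave"; return 1; }
  [ "$host" = "$1" ] || { echo "FAIL: master_host=$host, expected $1"; return 1; }
  [ "$link" = up ] || { echo "FAIL: master_link_status=$link"; return 1; }
  [ "$sync" = 0 ] || { echo "FAIL: full sync still in progress"; return 1; }
  echo "OK: replica linked to $host"
}

# Constructed sample inputs, modelled on the outputs shown in this post.
sample_master() {
  printf '%s\r\n' '# Replication' 'role:master' 'connected_slaves:2' \
    'slave0:ip=172.30.169.42,port=6379,state=online,offset=350,lag=0' \
    'slave1:ip=172.30.115.19,port=6379,state=online,offset=350,lag=0'
}
sample_replica() {
  printf '%s\r\n' '# Replication' 'role:slave' 'master_host:redis-master' \
    'master_port:6379' 'master_link_status:up' 'master_sync_in_progress:0'
}
sample_master | check_master 2
sample_replica | check_replica redis-master
```

Against a live cluster, pipe the real output in instead of the samples, for example `oc rsh <pod> redis-cli info replication | check_master 2`.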
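Conclusion
This time I tried out a redundant configuration for the Redis server. Next, I would like to verify its operation in combination with IBM Application Gateway.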