fluentd是一个免费的、完全开源的日志管理工具,可以对日志进行收集、处理、存储。对于一些高流量的网站或者特殊的架构,需要fluentd高可用配置。
以下是在测试环境搭建模拟fluentd主从配置,模拟主从切换。
| 服务器 | 服务 |
| 192.168.199.1 | elasticsearch |
| 192.168.199.2 | kafka |
| 192.168.199.3 | fluentd(主) |
| 192.168.199.4 | fluentd(备) |
fluentd(主)配置
1 <source> 2 @type kafka_group 3 brokers 192.168.199.2:9092 4 consumer_group testlog 5 topics testlog 6 format json 7 message_key message 8 add_prefix test 9 </source> 10 <match test.testlog> 11 type elasticsearch 12 hosts 192.168.199.1:9200 13 reload_connections false 14 time_key_format %Y-%m-%dT%H:%M:%S.%N%z 15 logstash_format true 16 logstash_prefix testlog 17 utc_index true 18 include_tag_key true 19 </match> 20 <source> 21 @type forward 22 port 24224 23 </source> 24 <source> 25 @type http 26 port 8888 27 </source> 28 <match mytag.test> 29 @type forward 30 <server> 31 host 192.168.199.3 32 port 24224 33 </server> 34 <server> 35 host 192.168.199.4 36 port 24224 37 standby 38 </server> 39 flush_interval 60s 40 </match>
fluentd(备)配置
1 <source> 2 @type kafka_group 3 brokers 192.168.199.2:9092 4 consumer_group testlog 5 topics testlog 6 format json 7 message_key message 8 add_prefix test 9 </source> 10 <match test.testlog> 11 type elasticsearch 12 hosts 192.168.199.1:9200 13 reload_connections false 14 time_key_format %Y-%m-%dT%H:%M:%S.%N%z 15 logstash_format true 16 logstash_prefix testlog 17 utc_index true 18 include_tag_key true 19 </match> 20 <source> 21 @type forward 22 port 24224 23 </source> 24 <match mytag.test> 25 @type forward 26 <server> 27 host 192.168.199.3 28 port 24224 29 </server> 30 <server> 31 host 192.168.199.4 32 port 24224 33 standby 34 </server> 35 flush_interval 60s 36 </match>
故障模拟:
1.按主备顺序启动,查看日志,主节点日志会提示监听本地24224端口,并连接ES;备节点日志会提示监听本地24224端口
2.模拟主宕(停止服务),备节点日志会提示独立代理服务器(主),使用备节点,连接ES。
3.当主节点恢复之后,备节点过一段时间(大概十分钟左右),备节点日志提示主服务恢复,主节点日志会提示监听本地24224端口。
fluentd主备依次启动后,显示日志如下:
主日志:
2017-12-08 14:07:29 +0800 [info]: listening fluent socket on 0.0.0.0:24224
2017-12-08 14:08:30 +0800 [info]: Connection opened to Elasticsearch cluster => {:host=>"192.168.199.1", :port=>9200, :scheme=>"http"}
备日志:
2017-12-08 14:07:40 +0800 [info]: listening fluent socket on 0.0.0.0:24224 模拟将主节点宕掉,备节点会显示如下日志:
2017-12-08 14:13:39 +0800 [warn]: detached forwarding server '192.168.199.3:24224' host="192.168.199.3" port=24224 phi=16.068447980484642
2017-12-08 14:13:39 +0800 [warn]: using standby node 192.168.199.4:24224 weight=60
2017-12-08 14:14:41 +0800 [info]: Connection opened to Elasticsearch cluster => {:host=>"192.168.199.1", :port=>9200, :scheme=>"http"} 当主节点恢复后,备节点会显示如下日志:
2017-12-08 14:20:38 +0800 [warn]: recovered forwarding server '192.168.199.3:24224' host="192.168.199.3" port=24224
主备流程架构图:
具体可参考:https://docs.fluentd.org/v0.12/articles/high-availability
