文章目录
一、概述
Apache APISIX 早在 1.4 版本就已经集成 Apache SkyWaling Tracing 能力,并在后续版本中加入了错误日志和访问日志收集等功能。如今随着 Apache SkyWalking 对 Metrics 的支持,能够帮助 Apache APISIX 在集成模式下实现一站式可观测方案,同时覆盖到日志、度量和调用追踪。
熟悉 Apache APISIX 的小伙伴应该知道,Apache APISIX 在运行中会产出两种日志,即访问日志和错误日志。
访问日志记录着每个请求的详细信息,属于请求范围内产生的日志,因此可以直接与 Tracing 关联。而错误日志则是 Apache APISIX 运行时产出日志信息,是整个应用级别日志,但无法确保能百分百关联到请求上。
目前 Apache APISIX 提供了非常丰富的日志处理插件,包括 TCP/HTTP/Kafka 等收集上报插件,但它们与 Tracing 关联都比较弱。以 Apache SkyWalking 为例,提取 Apache APISIX 端日志记录中的 SkyWalking Tracing Conetxt Header 并输出到文件系统,之后利用日志处理框架(fluentbit)将日志转成 SkyWalking 可接受的日志格式。后续从中解析提取 Tracing Context,从而获得 Tracing ID 进而与 Trace 建立联系。
显然,上述方式处理流程比较繁琐复杂,还需要额外转换日志格式。为此,在新版本中实现了将 Apache SkyWalking 访问日志接入 Apache APISIX 插件生态,方便用户在使用 Apache APISIX 中更方便地利用 Apache SkyWalking 进行收集和处理相关日志。
二、Apisix部署
skywalking的部署可以参考上一篇博文:https://blog.csdn.net/bacawa/article/details/132359924
官网: https://apisix.apache.org/
我使用docker-compose部署的,下载地址:https://github.com/apache/apisix
1、修改apisix配置文件
xxxx/apisix-docker-master/example/apisix_conf/config.yaml
配置如下:
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
enable_control: true
control:
ip: "0.0.0.0"
port: 9092
deployment:
admin:
allow_admin: # https://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://etcd:2379" # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
plugins: # plugin list 如果没有该值,就直接添加
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- skywalking #skywalking插件默认不打开这个插件,需要打开(配置上即可)
- skywalking-logger #skywalking-logger插件默认不打开这个插件,需要打开(配置上即可)
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
plugin_attr:
skywalking: #配置skywalking的相关属性
service_name: APISIX #注册进skywalking中的服务名称
service_instance_name: "APISIX Instance Name" #skywalking中的实例名称
endpoint_addr: http://192.168.54.53:12800 #skywalking地址
report_interval: 1 #skywalking上报间隔时间,单位为秒。
prometheus:
export_addr:
ip: "0.0.0.0"
port: 9091
discovery: #服务发现的配置,不需要可以不配
nacos:
host:
- "http://nacos:[email protected]:8848"
prefix: "/nacos/v1/"
fetch_interval: 30 # default 30 sec
weight: 100 # default 100
timeout:
connect: 2000 # default 2000 ms
send: 2000 # default 2000 ms
read: 5000 # default 5000 ms
关于skywalking的配置,在上面配置文件中已经都注释了,可以仔细看看配置文件内容。
plugin_attr属性的skywalking属性参数如下表所示:
| 名称 | 类型 | 默认值 | 描述 |
|---|---|---|---|
| service_name | string | “APISIX” | SkyWalking 上报的服务名称 |
| service_instance_name | string | “APISIX Instance Name” | SkyWalking 上报的服务实例名设置为 $hostname 时,将获取本机主机名 |
| service_instance_name | string | “APISIX Instance Name” | SkyWalking 上报的服务实例名设置为 $hostname 时,将获取本机主机名 |
| endpoint_addr | string | “http://127.0.0.1:12800” | SkyWalking 的 HTTP endpoint 地址,例如:http://127.0.0.1:12800 |
| report_interval | integer | SkyWalking 客户端内置的值 | 上报间隔时间,单位为秒 |
2、修改dashboard配置文件
xxxx/apisix-docker-master/example/dashboard_conf/conf.yaml
配置如下:
conf:
listen:
host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
- 0.0.0.0/0
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- "http://etcd:2379"
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard output
# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard output
# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
security:
# access_control_allow_origin: "http://httpbin.org"
# access_control_allow_credentials: true # support using custom cors configration
# access_control_allow_headers: "Authorization"
# access_control-allow_methods: "*"
# x_frame_options: "deny"
content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *" # You can set frame-src to provide content for your grafana panel.
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
- username: user
password: user
plugins: # plugin list (sorted in alphabetical order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- skywalking #默认不打开,这里给打开,如果没有就加上即可
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
3、使用docker-compose启动apisix服务
docker-compose up -d
等待一会,大约1分钟左右,浏览器输入http://IP:9000,即可看到下面的页面,用户名和密码在上面dashboard配置文件中可以看到:
三、启用插件
1、新建Apisix路由
使用如下命令新建,如果用不惯curl,也可以使用Apifox软件进行测试,超级好用,比Postman好用。
代码中的IP和端口根据世纪情况修改下
首先要开启skywalking插件,如果不开启, 取不到Tracing Context,就无法生产追踪关系;还需要开启skywalking-logger插件,Apisix的访问日志就会同步至skywalking。
curl http://192.168.54.56:9180/apisix/admin/routes/1 \
-H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins": {
"skywalking": {
"_meta": {
"disable": false
}
}
"skywalking-logger": {
"endpoint_addr": "http://192.168.54.53:12800"
}
},
},
"upstream": {
"type": "roundrobin",
"nodes": {
"192.168.48.120:8850": 1
}
},
"uri": "/demo/*"
}
2、验证
请求服务
skywalking中就会有日志进来,并且有追踪信息。
日志信息
追踪关系
拓扑关系
总结
本文主要介绍了 Apache APISIX 集成 SkyWalking 的日志插件,为之后大家在 Apache APISIX 中进行日志处理提供更方便的操作与环境。希望通过本篇内容,使大家后续可以更方便地利用 Apache APISIX 进行可观测数据的集中管理。后续也将推出SkyWalking 进行日志处理文章,敬请期待。
打完手工!