데이터평면API
HAProxy
Data Plane API는 HAProxy 옆에서 실행되고 HAProxy 관리를 위한 API 엔드포인트를 제공하는 사이드카 프로세스입니다. HAProxy 버전 1.9.0 이상이 필요합니다.
Data Plane API를 구축하려면 Go 모듈 지원이 활성화된 시스템에 Go가 설치되어 있어야 하며 다음 단계를 실행하십시오.
1. dataplaneapi 저장소 복제
git clone https://github.com/haproxytech/dataplaneapi.git
2. make build를 실행합니다:
make build
3. 빌드된 바이너리는 /build 디렉터리에서 찾을 수 있습니다. 시험
기본 사용법:
Usage:
dataplaneapi [OPTIONS]
API for editing and managing haproxy instances
Application Options:
--scheme= the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec
--cleanup-timeout= grace period for which to wait before killing idle connections (default: 10s)
--graceful-timeout= grace period for which to wait before shutting down the server (default: 15s)
--max-header-size= controls the maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request
body. (default: 1MiB)
--socket-path= the unix socket to listen on (default: /var/run/data-plane.sock)
--host= the IP to listen on (default: localhost) [$HOST]
--port= the port to listen on for insecure connections, defaults to a random value [$PORT]
--listen-limit= limit the number of outstanding requests
--keep-alive= sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download) (default: 3m)
--read-timeout= maximum duration before timing out read of the request (default: 30s)
--write-timeout= maximum duration before timing out write of the response (default: 60s)
--tls-host= the IP to listen on for tls, when not specified it's the same as --host [$TLS_HOST]
--tls-port= the port to listen on for secure connections, defaults to a random value [$TLS_PORT]
--tls-certificate= the certificate to use for secure connections [$TLS_CERTIFICATE]
--tls-key= the private key to use for secure connections [$TLS_PRIVATE_KEY]
--tls-ca= the certificate authority file to be used with mutual tls auth [$TLS_CA_CERTIFICATE]
--tls-listen-limit= limit the number of outstanding requests
--tls-keep-alive= sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)
--tls-read-timeout= maximum duration before timing out read of the request
--tls-write-timeout= maximum duration before timing out write of the response
--uid user id value to set on start
--gid group id value to set on start
HAProxy options:
-c, --config-file= Path to the haproxy configuration file (default: /etc/haproxy/haproxy.cfg)
-u, --userlist= Userlist in HAProxy configuration to use for API Basic Authentication (default: controller)
-b, --haproxy-bin= Path to the haproxy binary file (default: haproxy)
-d, --reload-delay= Minimum delay between two reloads (in s) (default: 5)
-r, --reload-cmd= Reload command
-s, --restart-cmd= Restart command
--reload-retention= Reload retention in days, every older reload id will be deleted (default: 1)
-t, --transaction-dir= Path to the transaction directory (default: /tmp/haproxy)
-n, --backups-number= Number of backup configuration files you want to keep, stored in the config dir with version number suffix (default: 0)
--backups-dir= Path to directory in which to place backup files
-m, --master-runtime= Path to the master Runtime API socket
-i, --show-system-info Show system info on info endpoint
-f= Path to the dataplane configuration file (default: /etc/haproxy/dataplaneapi.yaml)
--userlist-file= Path to the dataplaneapi userlist file. By default userlist is read from HAProxy conf. When specified userlist would be read from this file
--fid= Path to file that will dataplaneapi use to write its id (not a pid) that was given to him after joining a cluster
-p, --maps-dir= Path to directory of map files managed by dataplane (default: /etc/haproxy/maps)
--ssl-certs-dir= Path to SSL certificates directory (default: /etc/haproxy/ssl)
--update-map-files Flag used for syncing map files with runtime maps values
--update-map-files-period= Elapsed time in seconds between two maps syncing operations (default: 10)
--cluster-tls-dir= Path where cluster tls certificates will be stored. Defaults to same directory as dataplane configuration file
--spoe-dir= Path to SPOE directory. (default: /etc/haproxy/spoe)
--spoe-transaction-dir= Path to the SPOE transaction directory (default: /tmp/spoe-haproxy)
--master-worker-mode Flag to enable helpers when running within HAProxy
--max-open-transactions= Limit for active transaction in pending state (default: 20)
--validate-cmd= Executes a custom command to perform the HAProxy configuration check
--disable-inotify Disables inotify watcher watcher for the configuration file
--pid-file= Path to file that will dataplaneapi use to write its pid
--debug-socket-path= Unix socket path for the debugging command socket
Logging options:
--log-to=[stdout|file|syslog] Log target, can be stdout, file, or syslog (default: stdout)
--log-file= Location of the log file (default: /var/log/dataplaneapi/dataplaneapi.log)
--log-level=[trace|debug|info|warning|error] Logging level (default: warning)
--log-format=[text|JSON] Logging format (default: text)
--apache-common-log-format= Apache Common Log Format to format the access log entries (default: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i" %{us}T)
Syslog options:
--syslog-address= Syslog address (with port declaration in case of TCP type) where logs should be forwarded: accepting socket path in case of unix or unixgram
--syslog-protocol=[tcp|tcp4|tcp6|unix|unixgram] Syslog server protocol (default: tcp)
--syslog-tag= String to tag the syslog messages (default: dataplaneapi)
--syslog-level= Define the required syslog messages level, allowed values: debug|info|notice|warning|error|critical|alert|emergency (default: debug)
--syslog-facility= Define the Syslog facility number, allowed values: kern|user|mail|daemon|auth|syslog|lpr|news|uucp|cron|authpriv|ftp|local0|local1|local2|local3|local4|local5|local6|local7
(default: local0)
Show version:
-v, --version Version and build information
Help Options:
-h, --help Show this help message이러한 옵션 외에도 구성 파일 측면에서 모든 것을 정의할 수 있습니다. 구성 파일 보기
간단히 다음을 실행하여 테스트할 수 있습니다.
./dataplaneapi --port 5555 -b /usr/sbin/haproxy -c /etc/haproxy/haproxy.cfg -d 5 -r "service haproxy reload" -s "service haproxy restart" -u dataplaneapi -t /tmp/haproxy
Dataplaneapi에는 haproxy 구성 파일과 추가 관리 파일(맵, SSL, spoe)이 포함된 디렉터리에 대한 쓰기 권한이 필요합니다. 기본 위치는 명령줄 옵션으로 재정의될 수 있습니다. 컬로 테스트해 보세요. haproxy 구성의 HAProxy userlist에 사용자/패스 조합 설정이 필요합니다(위 예에서는 /etc/haproxy/haproxy.cfg, userlist 컨트롤러).
curl -u: -H "Content-Type: application/json" "http://127.0.0.1:5555/v2/"
보안 비밀번호를 사용하는 경우 지원되는 알고리즘은 md5, sha-256 및 sha-512입니다.
Data Plane API를 사용하는 방법에 대한 자세한 내용은 설명서를 확인하세요.
또는 dataplaneapi는 /v2/docs uri에서 현재 빌드와 관련된 자체 대화형 문서를 제공합니다. 브라우저에서 데이터 플레인이 시작된 호스트/포트를 가리키기만 하면 됩니다(예: http://localhost:5555/v2/docs ).
README의 문서를 확인하세요.
README의 문서를 확인하세요.
이 프로젝트에 기여하고 싶다면 기여 가이드를 확인하세요.
