CN115378808A - Method for realizing blue-green release by using iptables - Google Patents

Info

Publication number
CN115378808A
Authority
CN
China
Prior art keywords
iptables
service
server
green
blue
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210982033.5A
Other languages
Chinese (zh)
Inventor
潘力
李志永
王利锋
何本仕
林川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Junbo Network Technology Co ltd
Original Assignee
Guangzhou Junbo Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Junbo Network Technology Co ltd
Priority to CN202210982033.5A
Publication of CN115378808A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0859 Retrieval of network configuration; Tracking network configuration history by keeping history of different configuration generations or by rolling back to previous configuration versions
    • H04L41/0863 Retrieval of network configuration; Tracking network configuration history by keeping history of different configuration generations or by rolling back to previous configuration versions by rolling back to previous configuration versions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0889 Techniques to speed-up the configuration process
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for realizing blue-green release by using iptables, relating to the technical field of blue-green release and comprising the following steps: step one, deploying a new version service: an engineer deploys the new version service to the server that needs updating, and the new version service listens on a port (9000) different from that of the old version (8080); step two, loading the new version service: the server is started after the new version service has been deployed to the server that needs updating, and loading of the new version service is completed with the loading state confirmed to be normal; and step three, writing rules. By forwarding traffic with iptables, the invention realizes blue-green release on a single server without changing the traffic entry point, which saves server resources (half of the server resources are no longer needed). Because all operations are performed on the single server, the complexity of the operation is greatly reduced, blue-green release becomes simpler and more convenient, and operator errors are reduced.

Description

Method for realizing blue-green release by using iptables
Technical Field
The invention relates to the technical field of blue-green release, in particular to a method for realizing blue-green release by using iptables.
Background
Blue-green release is currently the most common version release mode. Upgrading an application service with blue-green release reduces how much of the upgrade users perceive and achieves a smooth upgrade of the application service. Blue-green release is a technique for releasing applications in a predictable manner, and aims to reduce service interruption time during application upgrades and to make them smooth. When the application service needs a version upgrade, the new version of the application is deployed in the blue environment; after testing passes, user access to the green environment is cut off and all external traffic is routed through load balancing to the application cluster of the blue environment. The advantage of upgrading an application service version in blue-green release mode is that operation and maintenance personnel always deploy in the blue environment, so even if something goes wrong the service in the green environment is not affected; and if a problem is found after the traffic has been switched, the service can be rolled back in a very short time, which reduces the risk of service interruption brought by the application version upgrade.
The following problems exist in the prior art:
The existing blue-green release method needs to start a group of new virtual machines to run the new version services, and switches the traffic to the new services on the new virtual machines after the new version services have started.
Disclosure of Invention
The invention provides a method for realizing blue-green release by using iptables, which aims to solve the problems in the background technology.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
A method for realizing blue-green release by using iptables comprises the following steps: step one, deploying a new version service: an engineer deploys the new version service to the server that needs updating, and the new version service listens on a port (9000) different from that of the old version (8080); step two, loading the new version service: the server is started after the new version service has been deployed to the server that needs updating, and loading of the new version service is completed with the loading state confirmed to be normal; step three, writing rules: an engineer writes a new iptables rule into iptables; step four, running detection: iptables is run with the new iptables rule and checked for normal operation; and step five, blue-green release: the normally running new version server is released.
The technical scheme of the invention is further improved as follows: port 8080 and port 9000 in step one are two different ports.
The technical scheme of the invention is further improved as follows: the content of the iptables rule in step three is -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9000.
The technical scheme of the invention is further improved as follows: the function of the iptables rule in step three is to forward traffic that accesses port 8080 of the server to port 9000. After the iptables rule takes effect, a user reaches the new service by accessing port 8080 of the server, so the engineer can complete the service update without downtime, as a blue-green release in which the new and old versions of the service coexist.
The technical scheme of the invention is further improved as follows: iptables in step three is firewall application software that works in user space; it is an IP packet filtering system integrated with the version 3.5 Linux kernel. If a Linux system is connected to the Internet or a LAN, or is a server or a proxy server connecting a LAN and the Internet, this system facilitates better control of IP packet filtering and firewall configuration on the Linux system.
The technical scheme of the invention is further improved as follows: the output end of the running detection in step four is in signal connection with exception handling, the output end of the exception handling is in signal connection with rule removal, and the output end of the rule removal is in signal connection with the output end of the rule writing.
The technical scheme of the invention is further improved as follows: when the service becomes abnormal while iptables is running with the new iptables rule and an emergency rollback is needed, the engineer only has to remove the rule that was just added for users to access the old version service again, which completes the service rollback operation.
Due to the adoption of the technical scheme, compared with the prior art, the invention has the technical progress that:
1. The invention provides a method for realizing blue-green release by using iptables, through the steps of deploying the new version service, loading the new version service, writing rules, running detection, exception handling, rule removal and blue-green release. An engineer deploys the new version service to the server that needs updating, and the new version service listens on a port (9000) different from that of the old version (8080). The server is started after the new version service has been deployed to it, and loading of the new version service is completed with the loading state confirmed to be normal. The engineer then writes a new iptables rule into iptables, runs iptables with the new rule, and checks whether it runs normally. The content of the iptables rule is -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9000, and its function is to forward traffic that accesses port 8080 of the server to port 9000. After the iptables rule takes effect, a user reaches the new service by accessing port 8080 of the server, so the engineer can complete the service update without downtime, as a blue-green release in which the new and old versions of the service coexist. When the service becomes abnormal while iptables is running with the new rule and an emergency rollback is needed, the engineer only has to remove the rule that was just added for users to access the old version service again, which completes the service rollback operation. By forwarding traffic with iptables, blue-green release is realized on a single server without changing the traffic entry point, which saves server resources (half of the server resources are no longer needed). Because all operations are performed on the single server, the complexity of the operation is greatly reduced, blue-green release becomes simpler and more convenient, and operator errors are reduced.
Drawings
Fig. 1 and 2 are schematic flow diagrams of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples:
Example 1
As shown in fig. 1-2, the present invention provides a method for realizing blue-green release by using iptables, comprising the following steps: step one, deploying a new version service: an engineer deploys the new version service to the server that needs updating, and the new version service listens on a port (9000) different from that of the old version (8080); step two, loading the new version service: the server is started after the new version service has been deployed to the server that needs updating, and loading of the new version service is completed with the loading state confirmed to be normal; step three, writing rules: an engineer writes a new iptables rule into iptables; step four, running detection: iptables is run with the new iptables rule and checked for normal operation; and step five, blue-green release: the normally running new version server is released. Port 8080 and port 9000 in step one are two different ports. The content of the iptables rule in step three is -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9000; its function is to forward traffic that accesses port 8080 of the server to port 9000, and after the rule takes effect a user reaches the new service by accessing port 8080 of the server, so the engineer can complete the service update without downtime, as a blue-green release in which the new and old versions of the service coexist. iptables in step three is firewall application software that works in user space; it is an IP packet filtering system integrated with the version 3.5 Linux kernel, and if a Linux system is connected to the Internet or a LAN, or is a server or a proxy server connecting a LAN and the Internet, it facilitates better control of IP packet filtering and firewall configuration on the Linux system. The output end of the running detection in step four is in signal connection with exception handling, the output end of the exception handling is in signal connection with rule removal, and the output end of the rule removal is in signal connection with the output end of the rule writing. When the service becomes abnormal while iptables is running with the new iptables rule and an emergency rollback is needed, the engineer only has to remove the rule that was just added for users to access the old version service again, which completes the service rollback operation.
In this embodiment, by forwarding traffic with iptables, blue-green release is realized on a single server without changing the traffic entry point. Compared with the prior art this saves server resources: half of the server resources are no longer needed. Because all operations are performed on the single server, the complexity of the operation is greatly reduced, blue-green release becomes simpler and more convenient, and operator errors are reduced.
The operation principle of the method for implementing blue-green distribution by using iptables is described in detail below.
As shown in fig. 1-2, an engineer deploys the new version service to the server that needs updating, and the new version service listens on a port different from that of the old version (assuming the old version uses 8080 and the new version uses 9000). When the new version service has finished loading and its state is normal, the engineer writes a new iptables rule into iptables. The rule content is -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9000, and its function is to forward traffic that accesses port 8080 of the server to port 9000. After the iptables rule takes effect, a user reaches the new service by accessing port 8080 of the server, so the engineer can complete the service update without downtime, as a blue-green release in which the new and old versions of the service coexist. If the service becomes abnormal at this point and an emergency rollback is needed, the engineer only has to remove the rule that was just added; users then access the old version service again and the service rollback operation is complete. By forwarding traffic with iptables, blue-green release is realized on a single server without changing the traffic entry point; compared with the prior art this saves server resources, and half of the server resources are no longer needed. Because all operations are performed on the single server, automatic switching greatly reduces the complexity of the operation, makes blue-green release simpler and more convenient, and reduces operator errors; the method has the advantages of improving release efficiency, reducing operational risk and saving server resources.
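The procedure described above (confirm the new listener, add the rule, check it, roll back by removing it), written out as a shell script. This is an added example, not part of the patent: the function names and the IPT/SS override variables are assumptions made for illustration, while the ports and the rule are the ones given in the description.

```shell
#!/bin/sh
# Added example (not from the patent): single-host blue-green switch using the
# nat-table REDIRECT rule from step three, with the check and rollback the
# description calls for. Run as root on the server being updated.

OLD_PORT=${OLD_PORT:-8080}   # port clients connect to (old version), from the page
NEW_PORT=${NEW_PORT:-9000}   # port the new version listens on, from the page
IPT=${IPT:-iptables}         # assumption: overridable so the logic can be dry-run
SS=${SS:-ss}                 # assumption: iproute2 "ss" is used to list listeners

# Rule body from the page; callers prepend -A (add), -C (check) or -D (delete).
rule_spec() {
  echo "PREROUTING -p tcp -m tcp --dport $OLD_PORT -j REDIRECT --to-ports $NEW_PORT"
}

# Step two: succeed only if a TCP listener exists on NEW_PORT. Column 4 of
# "ss -ltn" is the local address:port (0.0.0.0:9000, [::]:9000, *:9000).
new_service_listening() {
  $SS -ltn | awk -v p=":$NEW_PORT" '$4 ~ p "$" { found = 1 } END { exit !found }'
}

# True when the redirect rule is currently loaded in the nat table.
rule_present() {
  $IPT -w -t nat -C $(rule_spec) 2>/dev/null
}

# Steps three and four: add the rule once, then confirm it is loaded.
# Caveats worth knowing before relying on this:
#  - nat rules are evaluated for NEW connections only; connections already
#    established to the old service stay there until they close.
#  - PREROUTING does not see locally generated traffic, so a health check or
#    reverse proxy on this host that connects to 127.0.0.1:8080 still reaches
#    the old version. Verify the switch from another machine.
#  - The filter table's INPUT chain sees the rewritten port (9000), so access
#    rules written for 8080 must be mirrored for 9000, and 9000 itself stays
#    directly reachable unless it is filtered.
#  - The rule is lost on reboot unless the ruleset is saved.
switch_to_new() {
  if ! new_service_listening; then
    echo "no listener on port $NEW_PORT; leaving traffic on $OLD_PORT" >&2
    return 1
  fi
  rule_present && return 0          # idempotent: never stack duplicate rules
  $IPT -w -t nat -A $(rule_spec) || return 1
  rule_present
}

# Rollback: delete every copy of the rule (a duplicate would keep redirecting).
# Prints how many copies were removed.
rollback_to_old() {
  removed=0
  while rule_present; do
    $IPT -w -t nat -D $(rule_spec) || return 1
    removed=$((removed + 1))
  done
  echo "$removed"
}

# Usage: ./bluegreen.sh switch | rollback   (no argument: define functions only)
case "${1:-}" in
  switch)   switch_to_new ;;
  rollback) rollback_to_old ;;
esac
```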
The present invention has been described above in general terms, but it will be apparent to those skilled in the art that modifications and improvements can be made on the basis of the present invention. Therefore, such modifications or improvements can be made without departing from the spirit of the present invention.

Claims (7)

1. A method for realizing blue-green release by using iptables, characterized by comprising the following steps:
step one, deploying a new version service: an engineer deploys the new version service to the server that needs updating, and the new version service listens on a port (9000) different from that of the old version (8080);
step two, loading the new version service: the server is started after the new version service has been deployed to the server that needs updating, and loading of the new version service is completed with the loading state confirmed to be normal;
step three, writing rules: an engineer writes a new iptables rule into iptables;
step four, running detection: iptables is run with the new iptables rule and checked for normal operation;
and step five, blue-green release: the normally running new version server is released.
2. The method for realizing blue-green release by using iptables of claim 1, wherein: port 8080 and port 9000 in step one are two different ports.
3. The method for realizing blue-green release by using iptables of claim 1, wherein: the content of the iptables rule in step three is -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9000.
4. The method for realizing blue-green release by using iptables of claim 1, wherein: the function of the iptables rule in step three is to forward traffic that accesses port 8080 of the server to port 9000, and after the iptables rule takes effect a user reaches the new service by accessing port 8080 of the server, so that the engineer can complete the service update without downtime, as a blue-green release in which the new and old versions of the service coexist.
5. The method for realizing blue-green release by using iptables of claim 1, wherein: iptables in step three is firewall application software that works in user space and is an IP packet filtering system integrated with the version 3.5 Linux kernel, which, if a Linux system is connected to the Internet or a LAN, or is a server or a proxy server connecting a LAN and the Internet, facilitates better control of IP packet filtering and firewall configuration on the Linux system.
6. The method for realizing blue-green release by using iptables of claim 1, wherein: the output end of the running detection in step four is in signal connection with exception handling, the output end of the exception handling is in signal connection with rule removal, and the output end of the rule removal is in signal connection with the output end of the rule writing.
7. The method for realizing blue-green release by using iptables of claim 1, wherein: when the service becomes abnormal while iptables is running with the new iptables rule and an emergency rollback is needed, the engineer only has to remove the rule that was just added for users to access the old version service again, which completes the service rollback operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210982033.5A CN115378808A (en) 2022-08-16 2022-08-16 Method for realizing blue-green release by using iptables

Publications (1)

Publication Number Publication Date
CN115378808A (en) 2022-11-22

Family

ID=84065205

Country Status (1)

Country Link
CN (1) CN115378808A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020144256A1 (en) * 2001-03-30 2002-10-03 Navin Budhiraja Method of deployment for concurrent execution of multiple versions of an integration model on an integration server
CN106919418A (en) * 2017-01-22 2017-07-04 北京奇艺世纪科技有限公司 The method and device of the quick rollback of application on site
CN107153560A (en) * 2017-05-25 2017-09-12 微梦创科网络科技(中国)有限公司 Version upgrade method, server and system
CN110471683A (en) * 2019-08-06 2019-11-19 上海浦东发展银行股份有限公司信用卡中心 A kind of bluish-green dissemination method of container cloud application based on intelligent DNS
US10560372B1 (en) * 2017-08-28 2020-02-11 Amazon Technologies, Inc. Request routing based on server software versions
CN111352642A (en) * 2020-02-27 2020-06-30 厦门网宿有限公司 Service equipment and service software upgrading method
CN111399855A (en) * 2020-03-09 2020-07-10 山东汇贸电子口岸有限公司 Automatic application instance publishing method based on container technology
CN114090022A (en) * 2021-11-30 2022-02-25 建信金融科技有限责任公司 System deployment method, apparatus, device, and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221122