XRay 跟踪未显示在 AWS 控制台中 [英] XRay Traces not showing up in AWS Console

问题描述

我已按照 AWS 文档为部署在 AWS ECS 上的 Spring Boot 应用程序设置 XRAY，但我无法在 AWS 控制台中看到我的服务的跟踪.以下是我实施的更改的高级视图:

I've followed the AWS documentation on setting up XRAY for our Spring Boot application deployed on AWS ECS, but I'm not able to see the traces for my services in the AWS Console. Here's a high level view of the changes I've implemented:

向我的 EC2 添加了具有策略权限的角色

Added Role with Policy permissions to my EC2

"xray:BatchGetTraces",
"xray:GetServiceGraph",
"xray:GetTraceGraph",
"xray:GetTraceSummaries",
"xray:PutTelemetryRecords",
"xray:PutTraceSegments"

添加跟踪过滤器

@Bean
public Filter TracingFilter() {
    return new AWSXRayServletFilter("myService");
}

在我们的 POM 文件中添加了 XRAY 依赖项，并在我们的控制器方法中添加了 @XRayEnabled 注释:

Added XRAY dependencies to our POM file and added @XRayEnabled annotation to our Controller method:

将 XRAY Daemon 下载到我们的 ec2 实例并安装

Downloaded the XRAY Daemon to our ec2 instance and installed

curl https://s3.dualstack.us-east-1.amazonaws.com/aws-xray-assets.us-east-1/xray-daemon/aws-xray-daemon-3.x.rpm -o /home/ec2-user/xray.rpm
yum install -y /home/ec2-user/xray.rpm

我已经确认我们看到了 UDP 日志记录语句，例如:com.amazonaws.xray.emitters.UDPEmitter:

I've verified that we are seeing UDP logging statements for example: com.amazonaws.xray.emitters.UDPEmitter:

 {
  "name" : "myService",
  "id" : "1234",
  "start_time" : 1.546020031234E9,
  "trace_id" : "myTraceId",
  "end_time" : 1.546020031234E9,
  "http" : {
    "request" : {
      "method" : "POST",
      "client_ip" : "myIp",
      "url" : "myURL",
      "user_agent" : "PostmanRuntime/7.4.0",
      "x_forwarded_for" : true
    },
    "response" : {
      "content_length" : 200,
      "status" : 200
    }
  },
  "aws" : {
    "xray" : {
      "sdk_version" : "1.2.1",
      "sdk" : "X-Ray for Java"
    }
  },
  "service" : {
    "runtime" : "OpenJDK 64-Bit Server VM",
    "runtime_version" : "1.8.0_151"
  }
}

而且我还使用 netstat -tulpn 验证了守护进程是否在 ec2 上运行

And I've also verified that the daemon is running on the ec2 using netstat -tulpn

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 127.0.0.1:2000          0.0.0.0:*                           14126/xray 

还需要什么才能让 XRAY 跟踪显示在 AWS 控制台中?

What else is needed to be able to get the XRAY traces to show up in the AWS Console?

我已经在启用日志记录的情况下启动了 docker 守护进程，但我没有看到任何迹象表明 docker 守护进程正在向 AWS 发送数据，只是启动信息，仅此而已:

I've started the docker daemon with logging enabled, but I'm not seeing any indication that the docker daemon is sending data to AWS, just startup information and that's it:

2018-12-28T23:14:19Z [Info] Initializing AWS X-Ray daemon 3.0.0
2018-12-28T23:14:19Z [Info] Using buffer memory limit of 304 MB
2018-12-28T23:14:19Z [Info] 4864 segment buffers allocated
2018-12-28T23:14:19Z [Info] Using region: us-east-1
2018-12-28T23:14:19Z [Info] Starting proxy http server on 127.0.0.1:2000

推荐答案

我猜这个问题是因为您在 EC2 主机上运行 X-Ray Daemon 而您的 Java 容器正尝试将事件发送到 127.0.0.1:2000 默认情况下，它位于 java 容器本身内，但不是主机地址.Docker 容器将 127.0.0.1 视为在容器范围内.

I am guessing the issue is because you are running X-Ray Daemon on EC2 host and your java container is trying to send events to 127.0.0.1:2000 by default which is inside the java container itself but not the host address. Docker container sees 127.0.0.1 as within the container scope.

您需要在 Java 应用程序上正确配置 X-Ray 守护程序地址.

You will need to configure the X-Ray Daemon Address properly on your Java App.

AWS_XRAY_DAEMON_ADDRESS – 设置 X-Ray 守护进程的主机和端口听众.默认情况下，SDK 对两个跟踪数据使用 127.0.0.1:2000(UDP) 和采样 (TCP).如果您已配置守护进程侦听不同的端口，或者它是否在其他端口上运行不同的主机.

AWS_XRAY_DAEMON_ADDRESS – Set the host and port of the X-Ray daemon listener. By default, the SDK uses 127.0.0.1:2000 for both trace data (UDP) and sampling (TCP). Use this variable if you have configured the daemon to listen on a different port or if it is running on a different host.

格式

同一个端口——地址:端口

Same port – address:port

不同的端口——tcp:address:port udp:address:port

Different ports – tcp:address:port udp:address:port

https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-configuration.html#xray-sdk-java-configuration-envvars

由于您正在检测基于 ECS 的应用程序，我建议将 X-Ray 守护程序启动为 Docker 容器，而不是作为 EC2 主机上的实际进程.

Since you are instrumenting the ECS based application, I would advise to spin up X-Ray Daemon as Docker Container but not as actual process on EC2 host.

示例 -

1. 将 X-Ray 守护程序作为 ECS 容器(作为守护程序调度类型)运行.https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-ecs.htmlhttps://docs.aws.amazon.com/AmazonECS/最新/developerguide/ecs_services.html#service_scheduler
2. 根据您在 ECS 上使用的网络模型，您应该能够从 Java 容器与 X-Ray 容器地址和端口进行交互.

如果您有任何问题，请告诉我.

Let me know if you have any questions.

X-RAY 守护进程作为 Docker 容器还是在主机上运行?

X-RAY Daemon as a Docker Container vs running it on the host?

这只是一些意见，似乎是 AWS 推荐的一些方法.我能想到的几个优点是

It's just some opinion and it seems like some recommended way from AWS. Few advantages I can think of are

1. 您无需维护脚本/序列即可将 X-Ray 守护进程进程纳入您的 EC2 AMI.
2. 您无需授予整个 EC2 角色权限即可将数据发送到 X-Ray，但对于容器，只有该特定任务角色具有权限，而没有其他所有权限.
3. 如果进程因任何原因停止，您必须手动启动进程或从集群中删除 EC2 或在 AMI 上维护复杂的脚本.但作为 ECS 托管容器，它将确保任务始终运行.
4. ECS Daemon 调度文档说明您的案例是他们引入此类容器的原因.

https://aws.amazon.com/about-aws/whats-new/2018/06/amazon-ecs-adds-daemon-scheduling/

同样，这只是我的意见，但您也可以按照自己的意愿行事.

Again, this is just my opinion but you can go with desired way as well.

这篇关于XRay 跟踪未显示在 AWS 控制台中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！