Kong Common Problems and Solutions (iv)

A restart Kong Gateway

1. Execute the following command in each server kong:

   kong restart -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p /usr/local/kong
   

2. Kong has not started a successful verification, execute the following command:
   View Kong cluster information

   kong cluster members 
   或
   curl http://localhost:8001 
   

3. If that fails, we need to first stopped kong, execute the following command:

   kong stop -vvv 
   

4. If there are mistakes, kill nginx process, and then restart.
   

Second, restart Kong Dashboard

7.1 Restart Gateway Dashboard

supervisorctl restart kong-dashboard

7.2 check not start successfully

Use Windows Explorer or the command curl
curl api01.com

Three, Kong common problems and solutions

All operations were performed root privilege, use sudo -i to root.

1, Kong cluster information is not synchronized

Performance issues: multiple invocations of the same interface, sometimes normal and sometimes abnormal
detection method: Use kong cluster membersthe command to view the current status and the number of nodes in the cluster, if not the number of nodes in the configuration or the last one is not alive, the state is required to restart Kong.
Solution:

kong restart -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p /usr/local/kong

2, the interface can not provide normal service

Performance issues: access API (80/443) or Management Interface (8001) returns "Connection refused" message similar
detection method: use lsof -i:PORTor netstat -tunlp |grep -E ':(80|443|8001)'to view the open port is normal, if not open, please restart Kong.
Solution:

kong restart -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p /usr/local/kong

3, 500 service interface returns

Performance issues: Client call does not return a value, use the httpie/ curletc command line tools to test, http status_code return 500.
Solution: to save the current interface information, and then delete (API / Dashboard) interfaces reconstruction.

4, Dashboard inaccessible

Performance issues : After opening the browser returns the corresponding domain name Dashboard blank page or error
detection method : using supervisorctl status kong-dashboard view of the second row status is 'RUNNING' status
Solution : restart Dashboard

supervisorctl restart kong-dashboard

5, PostgreSQL Deadlock

Performance issues:

1. Use kong restart -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p / usr / local / fail after a long time when jammed kong command.
2. Operating Kong mamanger API to configure add / change will timeout.
3. There are a large number of insert waitting or delete waitting and other processes on the db-master server. Solution:

Solution one (as far as possible to try to use this):

1. By pg_stat_activity table to identify the process lock table PID;

2. And then kill the corresponding process by the following statement.
   Reference: https://yq.aliyun.com/articles/86631

   select pg_terminate_backend(PID)
   

Solution two (in extreme cases):

1. In the first backup of the current DB db-master, the command is as follows:

   sudo -u postgres pg_dump kong > /tmp/kong.sql
   

2. To rebuild the database script execution ansible

   ansible-playbook main.yml --limit database --tags db --inventory inventory/xxxx --ask-pass   --ask-vault-pass -e 'kong_pg_initdb=true' –verbose
   

xxxx to the environment file (stg, prod, etc.) used
3. Return to restore the current database db-master, the command is as follows:

sudo -u postgres psql kong < /tmp/kong.sql

4. Restart Kong on the gateway server with the following command:

    kong restart -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p /usr/local/kong
   

Note: If you perform complete step 3 on the restoration, which does not need to perform Step 4.
5. Verify Kong mamanger API / service API is normal.

7, Kong removed availability PostgreSQL Keepalived

1. Plus kong_pg_ha Boolean value variables Kong configuration, the open or close KeepAlived high availability.
   
   Profile Location:
   

2. DB backup of the current on the db-master, a command as follows:
   the sudo -u Postgres pg_dump Kong> /tmp/kong.sql

3. Call Ansible re-run for the tags and db task kong

   ansible-playbook main.yml --tags db -i inventory/idc-dmz-stg -k --verbose --diff --ask-vault-pass -e 'kong_pg_initdb=true'
   ansible-playbook main.yml --tags kong -i inventory/idc-dmz-stg -k --verbose --diff --ask-vault-pass
   

4. Back to recover the current database on the db-master, the command is as follows:

   sudo -u postgres psql kong < /tmp/kong.sql
   

5. Restart Kong on the gateway server with the following command:

   kong restart -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p /usr/local/kong
   

Note: If you perform complete step 3 on the restoration, which does not need to perform Step 4.

6. Verify Kong mamanger API / API business is normal.

8. Enable gzip compression

Option One: Enable gzip compression (not recommended) on Kong
because the current IDC Kong 0.10 Community Edition, does not support gzip compression, if you want to achieve compression need to modify the generic ngixn configuration template, introducing ngx_http_gzip_module module, and then Kong re compilation and deployment (consulted original, version 0.10 is due to the transitional version, not sure if you can succeed), and even if successful, it is all the API for enabling gzip, gzip compression can not be achieved in specific api.
Because the greatest impact, can not determine success, and therefore does not recommend implementing gzip compression on kong.
Configuration:
The block /usr/local/share/lua/5.1/kong/templates/nginx.lua http configuration file modifications, additions gzip configuration.
Configuration is as follows:

http {
    gzip on;
    gzip_disable "msie6";
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;

    # do not add text/html to gzip_types because it's added by default and will generate
    # nginx: [warn] duplicate MIME type "text/html"
    # http://stackoverflow.com/a/6475493/703144
    gzip_types application/json application/x-javascript application/xml application/xml+rss text/css text/javascript text/plain text/xml;

    include 'nginx-kong.conf';
}

Do not enable any conversion plug-in seems to work just fine.
Reference documents:

• https://github.com/Kong/kong/issues/409
• https://github.com/Kong/kong/pull/481
• https://github.com/Kong/kong/issues/1200
• https://github.com/Kong/kong/issues/3242
• http://nginx.org/en/docs/http/ngx_http_gzip_module.html

Scheme II: in a first kong add gzip compression, gzip compression enabled (recommended) on the F5
. 1, applied to the IDC kong a proxy_set_header Accept-Encoding 'gzip'; head
2, including the network enable gzip compression F5.
F5 Configuration Reference:

• https://wenku.baidu.com/view/4712f208f78a6529647d53e9.html

9, Kong visit static files

Method a: location or server implemented by adding

1, add location

location ~ .*\.txt$ {  
   		allow	127.0.0.1;
   		deny	all;
   		root   /etc/kong/root;
   	}

2, add custom server

server {
        listen 8002;
        server_name kong;
 
    location ~ .*\.txt$ {  
       root   /etc/kong/root;
    }
}

3, create a file
cd / etc / kong
mkdir root
chmod 644 root

vim my.txt
chmod 444 6616286876
4、重启Kong
kong reload -c /etc/kong/kong.conf --nginx-conf /etc/kong/nginx-kong.template -p /usr/local/kong

Method Two: is achieved by request-termination plug

1. Add API

    curl -i -X POST http://localhost:8001/apis/ \
        -d 'name=my-txt' \
        -d 'hosts=ssl-example.com' \
        -d 'uris=/my.txt' \
        -d 'methods=GET' \
        -d 'upstream_url=https://localhost:443' \
        -d 'strip_uri=false' \
        -d 'preserve_host=false' \
        -d 'https_only=true' \
        -d 'http_if_terminated=true' \
        -d 'retries=0'
   

2. Add request-termination plug

   curl -X POST http://localhost:8001/apis/my-txt/plugins \
       --data "name=request-termination"  \
       --data "config.status_code=200" \
       --data "config.body=123467890" \
       --data "config.content_type=text/plain;charset=utf-8"
   

10, various pits and solutions encountered

10.1 Kong server CPU load is too high a problem

Kong version: 0.9.9 Community Community Edition

Problem Description:
Kong server CPU load exceeds 100%, the API Kong after slow response situation.

Root Cause:
on-line with multiple systems, resulting in traffic Kong soared, causing Kong server CPU load is too high.

Solution:
** short-term solution: ** add nodes.
Long-term options:
Upgrade Kong, use the latest version.
Use keepalive, upstream, route CPU consumption can be reduced SSL communication.

10.2 Kong server CPU load is too high a problem

Problem Description:
Kong server CPU load suddenly increased to 100%.

Root Cause:
After Kong Enterprise Edition configured Response Rate Limiting plug-in, the default policy is Response Rate Limiting clustermode (using the database to count), because the Enterprise Edition Response Rate Limiting plug-in data written to the database does not clean up, as the amount of data more and more, read and write operations will consume a lot of CPU resources.

Solution:
The Response Rate Limiting widget config.policyconfiguration changes to localmode (counter stored in the local memory on the node).