Manual Deployment of a Docker Swarm Cluster Environment
1. Recommended configuration
- OS: CentOS 7+ (minimal install, with public internet access)
- CPU: 8 cores or more
- Memory: 24 GB
- Disk: 100 GB or more
Storage sizing reference: 100 measurement points sampled once per minute consume about 30 GB per year (a scaling sketch follows this list).
- Number of servers: 4
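Assuming consumption scales linearly with point count and sampling rate (an assumption; verify against your own data), the 30 GB baseline extrapolates like this:
# Baseline: 100 points x 1 sample/min = 30 GB/year (linear-scaling assumption)
POINTS=500; SAMPLES_PER_MIN=2
echo "$(( POINTS / 100 * SAMPLES_PER_MIN * 30 )) GB/year"   # prints: 300 GB/year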
2. Supported systems
- Tested compatible with Alibaba Cloud CentOS 7+ and RedHat 7+
- Tested compatible with Huawei Cloud CentOS 7+ and RedHat 7+
- Tested compatible with Tencent Cloud CentOS 7+ and RedHat 7+
- Other platforms/systems have not been tested extensively yet
3. Environment information
The deployment below uses 4 servers; all commands are executed on 172.31.32.200.
Server information:
Hostname  Host IP        Swarm role
node01    172.31.32.200  manager
node02    172.31.32.201  manager
node03    172.31.32.202  worker
node04    172.31.32.203  worker
4. Set environment variables
Make sure the IPs in the SERVER_IP variable are filled in correctly (a quick check follows the assignments).
SERVER_NAME=(node01 node02 node03 node04)
SERVER_IP=(172.31.32.200 172.31.32.201 172.31.32.202 172.31.32.203)
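A quick sanity check (optional sketch) that the two arrays line up one-to-one:
for ((i=0; i<${#SERVER_IP[@]}; i++)); do
echo "${SERVER_NAME[i]} -> ${SERVER_IP[i]}"
done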
5. 配置本地 hosts 解析
只保留hosts文件前三行, 将ERVER_NAME 与 SERVER_IP 一一对应写入 hosts
sed -i '3,$d' /etc/hosts
echo -e "\n# swarm cluster" >> /etc/hosts
let SER_LEN=${#SERVER_IP[@]}-1
for ((i=0;i<=$SER_LEN;i++)); do
echo "${SERVER_IP[i]} ${SERVER_NAME[i]}" >> /etc/hosts
done
6. Configure SSH key login
Set up key-based SSH login from 172.31.32.200 to the other nodes (replace 123abc@DEF with your actual root SSH password).
SSH_ROOT_PASSWD=123abc@DEF
bash <(curl -sSL https://gitee.com/yx571304/olz/raw/master/shell/ssh-key-copy.sh) "${SERVER_IP[*]}" root $SSH_ROOT_PASSWD
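If you would rather not pipe a remote script into bash, a minimal equivalent using ssh-keygen and ssh-copy-id (a sketch, assuming sshpass is acceptable for the one-time password entry) is:
yum install -y sshpass
# Generate a key pair only if one does not exist yet
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
for node in ${SERVER_IP[@]}; do
sshpass -p "$SSH_ROOT_PASSWD" ssh-copy-id -o StrictHostKeyChecking=no root@$node
done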
7. System tuning
1. Distribute the hosts file
# Sync hosts to the other nodes
for node in ${SERVER_IP[@]}; do
echo "[INFO] scp hosts -----> $node"
scp /etc/hosts $node:/etc/hosts
done
2. Set hostnames
Note: make sure this step succeeds (afterwards, running hostnamectl on each host should show node0[1-4]). Use only one of the two variants below; a verification sketch follows them.
# Variant A: specify the NIC manually, here eth1 (the NIC that holds the IP listed in SERVER_IP)
for node in ${SERVER_IP[@]}; do
ssh -T $node <<'EOF'
HOST_IF=eth1
HOST_IP=$(ip a|grep "$HOST_IF$"|awk '{print $2}'|cut -d'/' -f1)
hostnamectl set-hostname $(grep $HOST_IP /etc/hosts | awk '{print $2}')
EOF
done
# Variant B: auto-detect the NIC (uses the default-route NIC, i.e. the one with internet access)
for node in ${SERVER_IP[@]}; do
ssh -T $node <<'EOF'
HOST_IF=$(ip route|grep default|cut -d ' ' -f5)
HOST_IP=$(ip a|grep "$HOST_IF$"|awk '{print $2}'|cut -d'/' -f1)
hostnamectl set-hostname $(grep $HOST_IP /etc/hosts | awk '{print $2}')
EOF
done
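Either way, the configured name on each node can be checked from node01 (hostnamectl --static prints the static hostname):
for node in ${SERVER_IP[@]}; do
echo "[INFO] hostname -----> $node"
ssh -T $node 'hostnamectl --static'
done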
3. Tune kernel parameters / SELinux / firewall
for node in ${SERVER_IP[@]}; do
echo "[INFO] Config -----> $node"
ssh -T $node <<'EOF'
# Speed up SSH logins
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication .*/GSSAPIAuthentication no/" /etc/ssh/sshd_config
systemctl restart sshd
# Configure Alibaba Cloud yum repositories
rm -f /etc/yum.repos.d/*.repo
curl -so /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -so /etc/yum.repos.d/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i '/aliyuncs.com/d' /etc/yum.repos.d/Centos-7.repo /etc/yum.repos.d/epel-7.repo
# Firewall: trust all traffic and flush any leftover iptables rules
firewall-cmd --set-default-zone=trusted
firewall-cmd --complete-reload
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t raw
iptables -X -t raw
iptables -F -t mangle
iptables -X -t mangle
# File/process limits
if [ ! "$(grep '# My Limits' /etc/security/limits.conf)" ]; then
echo -e "\n# My Limits" >> /etc/security/limits.conf
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
echo "* soft nproc 65535" >> /etc/security/limits.conf
echo "* hard nproc 65535" >> /etc/security/limits.conf
echo "* soft memlock unlimited" >> /etc/security/limits.conf
echo "* hard memlock unlimited" >> /etc/security/limits.conf
fi
# Enable IP forwarding
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
# Max number of directories a single user may watch via inotify
echo 'fs.inotify.max_user_watches=524288' >> /etc/sysctl.conf
# Max number of VMAs (virtual memory areas) a process may own
echo 'vm.max_map_count=655360' >> /etc/sysctl.conf
# TIME_WAIT handling (note: tcp_tw_recycle misbehaves behind NAT and was removed in kernel 4.12; it only exists on CentOS 7's 3.10 kernel)
echo 'net.ipv4.tcp_syncookies = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
modprobe br_netfilter
sysctl -p /etc/sysctl.conf
# stop/disable selinux
setenforce 0
sed -i 's#SELINUX=.*#SELINUX=disabled#' /etc/selinux/config
EOF
done
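A quick spot check (a minimal sketch) that forwarding is on and SELinux is permissive on every node:
for node in ${SERVER_IP[@]}; do
echo "[INFO] verify -----> $node"
ssh -T $node 'sysctl -n net.ipv4.ip_forward; getenforce'
done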
4. Configure time synchronization
for node in ${SERVER_IP[@]}; do
echo "[INFO] Install ntpdate -----> $node"
ssh -T $node <<'EOF'
yum install -y ntpdate
ntpdate ntp1.aliyun.com
hwclock -w
crontab -l > /tmp/crontab.tmp
echo "*/20 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1 && /usr/sbin/hwclock -w" >> /tmp/crontab.tmp
cat /tmp/crontab.tmp | uniq > /tmp/crontab
crontab /tmp/crontab
rm -f /tmp/crontab.tmp /tmp/crontab
EOF
done
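To confirm the nodes now agree on the time, compare their clocks side by side (sketch):
for node in ${SERVER_IP[@]}; do
echo "[INFO] date -----> $node"
ssh -T $node 'date "+%F %T"'
done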
8. Install the Docker environment
Fetch the latest stable release from the install source and install it (binary version). A manual fallback follows the loop.
for node in ${SERVER_IP[@]}; do
echo "[INFO] Install docker -----> $node"
ssh -T $node 'bash <(curl -sSL https://gitee.com/yx571304/olz/raw/master/shell/docker/install.sh) -i docker'
done
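If the remote script is unreachable, the engine can be installed manually from Docker's official yum repository instead (a sketch following the upstream CentOS instructions; package names may vary with the release):
for node in ${SERVER_IP[@]}; do
echo "[INFO] Install docker (manual) -----> $node"
ssh -T $node <<'EOF'
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
EOF
done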
9. Configure the swarm cluster
# Create the swarm cluster
docker swarm init --advertise-addr $(awk '/node01/{print $1}' /etc/hosts)
# Capture the join commands for the worker and manager roles
worker_cmd=$(docker swarm join-token worker | grep 'token')
manager_cmd=$(docker swarm join-token manager | grep 'token')
# node02 joins the cluster as a manager
ssh node02 "$manager_cmd"
# node03 and node04 join the cluster as workers
ssh node03 "$worker_cmd"
ssh node04 "$worker_cmd"
# Verify
docker node ls
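Beyond listing the nodes, a throwaway service confirms that tasks actually get scheduled across the cluster (ping-test is just an example name):
docker service create --name ping-test --replicas 4 alpine ping 127.0.0.1
docker service ps ping-test
docker service rm ping-test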
10. Install the weave Docker plugin
for node in ${SERVER_IP[@]}; do
echo "[INFO] install weave -----> $node"
ssh -T $node <<'EOF'
# Retry helper: rerun a command until it succeeds
repeat() { while true; do $@ && return; done; }
# Install the plugin, answering the permissions prompt with "y"
repeat echo -e "y\n" | repeat docker plugin install weaveworks/net-plugin:latest_release
# A plugin must be disabled before its settings can be changed
docker plugin disable weaveworks/net-plugin:latest_release
docker plugin set weaveworks/net-plugin:latest_release WEAVE_PASSWORD=MySwarmCluster
docker plugin set weaveworks/net-plugin:latest_release WEAVE_MULTICAST=1
docker plugin enable weaveworks/net-plugin:latest_release
EOF
done
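Once the plugin is enabled on every node, it can be used from a manager as the driver of an attachable network (app-net is a placeholder name; WEAVE_PASSWORD must match on all nodes):
docker network create --driver=weaveworks/net-plugin:latest_release --attachable app-net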
11. Install and configure the glusterfs cluster
1. Install glusterfs-server
# Define the gluster data directory (adjust as needed; a freshly formatted partition or disk mounted here is recommended)
gluster_data=/gluster/data
for node in ${SERVER_IP[@]}; do
echo "[INFO] Install glusterfs-server -----> $node"
ssh -T $node <<EOF
# Add the software repository
yum install -y centos-release-gluster bash-completion
# Install glusterfs-server
yum install -y glusterfs-server
# Start the service and enable it at boot
systemctl start glusterd
systemctl enable glusterd
# Create the gluster data (brick) directory
mkdir -p $gluster_data
# Create the path where the gluster volume will be mounted locally
mkdir -p /swarm/volumes
EOF
done
2. Configure the cluster
# Build the trusted storage pool
gluster peer probe node02
gluster peer probe node03
gluster peer probe node04
# Check the pool status
gluster peer status
# Create a distributed-replicated volume (replica 2 across the 4 bricks)
gluster volume create swarm-volumes replica 2 node01:${gluster_data} node02:${gluster_data} node03:${gluster_data} node04:${gluster_data} force
# Restrict access: only allow mounting from localhost
gluster volume set swarm-volumes auth.allow 127.0.0.1
# Start the volume
gluster volume start swarm-volumes
# Check the status
gluster volume status swarm-volumes
gluster volume info
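Before wiring up autofs, a one-off manual mount (sketch; the glusterfs fuse client is pulled in by glusterfs-server) confirms the volume is mountable:
mount -t glusterfs localhost:/swarm-volumes /mnt
df -hT /mnt
umount /mnt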
12. Install and configure autofs automounting
# Install and configure autofs
for node in ${SERVER_IP[@]}; do
ssh -T $node <<'EOF'
# Install autofs
yum install -y autofs
# Configure: automount localhost:/swarm-volumes at /swarm/volumes on access
echo -e '\n# add glusterfs config\n/swarm /etc/glusterfs.net' >> /etc/auto.master
echo 'volumes -fstype=glusterfs,rw localhost:/swarm-volumes' > /etc/glusterfs.net
# Start the service and enable it at boot
systemctl restart autofs
systemctl enable autofs
EOF
done
# Verify (access the path first so autofs actually triggers the mount)
for node in ${SERVER_IP[@]}; do
echo "[INFO] Mount glusterfs -----> $node"
ssh -T $node 'ls /swarm/volumes > /dev/null; df -hT | grep glusterfs'
done
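As a final end-to-end check (a sketch; test.txt is a throwaway file), write a file on node01 and read it back from every node:
echo "hello from node01" > /swarm/volumes/test.txt
for node in ${SERVER_IP[@]}; do
echo "[INFO] read test -----> $node"
ssh -T $node 'cat /swarm/volumes/test.txt'
done
rm -f /swarm/volumes/test.txt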