Minio分布式集群部署——Swarm
最近研究minio分布式集群部署,发现网上大部分都是单服务器部署,而minio官方在github上现在也只提供了k8s和docker-compose的方式,网上有关与swarm启动minio集群的文章都不完整,这里我研究了近一周时间,终于是成功使用swarm部署minio集群,并用nginx统一入口
环境准备
四台虚拟机
- 192.168.2.38(管理节点)
- 192.168.2.81(工作节点)
- 192.168.2.100(工作节点)
- 192.168.2.102(工作节点)
时间同步
yum install -y ntp
cat <<EOF>>/var/spool/cron/root
00 12 * * * /usr/sbin/ntpdate -u ntp1.aliyun.com && /usr/sbin/hwclock -w
EOF
##查看计划任务
crontab -l
##手动执行
/usr/sbin/ntpdate -u ntp1.aliyun.com && /usr/sbin/hwclock -w
Docker
安装Docker
curl -sSL https://get.daocloud.io/docker | sh
启动docker
sudo systemctl start docker
sudo systemctl enable docker
搭建Swarm集群
打开防火墙(Swarm需要)
-
管理节点打开2377
# manager firewall-cmd --zone=public --add-port=2377/tcp --permanent
-
所有节点打开以下端口
# 所有node firewall-cmd --zone=public --add-port=7946/tcp --permanent firewall-cmd --zone=public --add-port=7946/udp --permanent firewall-cmd --zone=public --add-port=4789/tcp --permanent firewall-cmd --zone=public --add-port=4789/udp --permanent
-
所有节点重启防火墙
# 所有node firewall-cmd --reload systemctl restart docker
-
图个方便可以直接关闭防火墙
创建Swarm
docker swarm init --advertise-addr your_manager_ip
加入Swarm
docker swarm join --token SWMTKN-1-
51b7t8whxn8j6mdjt5perjmec9u8qguxq8tern9nill737pra2-ejc5nw5f90oz6xldcbmrl2ztu
192.168.2.38:2377
#查看节点
docker node ls
服务约束
添加label
sudo docker node update --label-add minio1=true 管理节点名称
sudo docker node update --label-add minio2=true 工作节点名称
sudo docker node update --label-add minio3=true 工作节点名称
sudo docker node update --label-add minio4=true 工作节点名称
为MinIO创建Docker secret
echo "minioadmin" | docker secret create access_key -
echo "12345678" | docker secret create secret_key -
Minio集群部署文件
创建文件存放目录
管理节点执行
cd /root
mkdir minio-swarm
vi docker-compose-nginx.yml
Docker-Compose.yml
version: '3.7'
services:
nginx:
image: nginx
hostname: minionginx
volumes:
- /root/minio-swarm/conf/swarm-nginx.conf:/etc/nginx/nginx.conf
ports:
- "9090:80"
- "9000:9000"
deploy:
replicas: 1
restart_policy:
delay: 10s
max_attempts: 10
window: 60s
placement:
constraints:
- node.labels.minio1==true
resources:
limits:
# cpus: '0.001'
memory: 1024M
reservations:
# cpus: '0.001'
memory: 64M
resources:
limits:
memory: 2048M
reservations:
memory: 512M
networks:
- minio_distributed
depends_on:
- minio1
- minio2
- minio3
- minio4
minio1:
image: quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
hostname: minio1
volumes:
- data1-1:/data1
- data1-2:/data2
deploy:
replicas: 1
restart_policy:
delay: 10s
max_attempts: 10
window: 60s
placement:
constraints:
- node.labels.minio1==true
resources:
limits:
memory: 2048M
reservations:
memory: 512M
command: server --console-address ":9001" http://minio{1...4}/data{1...2}
networks:
- minio_distributed
secrets:
- secret_key
- access_key
healthcheck:
test:
[
"CMD",
"curl",
"-f",
"http://localhost:9000/minio/health/live"
]
interval: 30s
timeout: 20s
retries: 3
minio2:
image: quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
hostname: minio2
volumes:
- data2-1:/data1
- data2-2:/data2
deploy:
replicas: 1
restart_policy:
delay: 10s
max_attempts: 10
window: 60s
placement:
constraints:
- node.labels.minio2==true
resources:
limits:
memory: 2048M
reservations:
memory: 512M
command: server --console-address ":9001" http://minio{1...4}/data{1...2}
networks:
- minio_distributed
secrets:
- secret_key
- access_key
healthcheck:
test:
[
"CMD",
"curl",
"-f",
"http://localhost:9000/minio/health/live"
]
interval: 30s
timeout: 20s
retries: 3
minio3:
image: quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
hostname: minio3
volumes:
- data3-1:/data1
- data3-2:/data2
deploy:
replicas: 1
restart_policy:
delay: 10s
max_attempts: 10
window: 60s
placement:
constraints:
- node.labels.minio3==true
resources:
limits:
memory: 2048M
reservations:
memory: 512M
command: server --console-address ":9001" http://minio{1...4}/data{1...2}
networks:
- minio_distributed
secrets:
- secret_key
- access_key
healthcheck:
test:
[
"CMD",
"curl",
"-f",
"http://localhost:9000/minio/health/live"
]
interval: 30s
timeout: 20s
retries: 3
minio4:
image: quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
hostname: minio4
volumes:
- data4-1:/data1
- data4-2:/data2
deploy:
replicas: 1
restart_policy:
delay: 10s
max_attempts: 10
window: 60s
placement:
constraints:
- node.labels.minio4==true
resources:
limits:
memory: 2048M
reservations:
memory: 512M
command: server --console-address ":9001" http://minio{1...4}/data{1...2}
networks:
- minio_distributed
secrets:
- secret_key
- access_key
healthcheck:
test:
[
"CMD",
"curl",
"-f",
"http://localhost:9000/minio/health/live"
]
interval: 30s
timeout: 20s
retries: 3
volumes:
data1-1:
data1-2:
data2-1:
data2-2:
data3-1:
data3-2:
data4-1:
data4-2:
networks:
minio_distributed:
driver: overlay
secrets:
secret_key:
external: true
access_key:
external: true
说明:
- secret_key和access_key由上一步通过
docker secret create xxx -
创建的 - 一个节点上最好部署一个minio服务,如果部署多个可能会出现磁盘被占用的情况,所以最好是增加机器再部署
nginx.conf
创建目录
cd /root/minio-swarm
mkdir conf
cd conf
vi swarm-nginx.conf
如果需要增加集群的节点,需要在Upstream中添加新节点的服务名:9001
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
upstream minio {
server minio1:9000;
server minio2:9000;
server minio3:9000;
server minio4:9000;
}
server {
listen 9000;
listen [::]:9000;
server_name localhost;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio;
}
}
# include /etc/nginx/conf.d/*.conf;
upstream console {
server minio1:9001;
server minio2:9001;
server minio3:9001;
server minio4:9001;
}
server {
listen 80;
listen [::]:80;
server_name localhost;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
location / {
proxy_connect_timeout 5;
proxy_send_timeout 10;
proxy_read_timeout 10;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://console;
}
}
}
部署
cd /root/minio-swarm
docker stack deploy -c docker-compose-nginx.yaml minio-swarm
测试
浏览器访问
一个节点宕机
模拟其中一个节点宕机,看能否正常读取数据(minio集群的写入需要至少4个在线磁盘,如果是两个节点的集群,一个节点宕机,那么集群就只能读取,无法写入)
如果是一个有N块硬盘的分布式Minio,只要有N/2硬盘在线,你的数据就是可以读取的。不过你需要至少有N/2+1个硬盘来创建新的对象。
[root@test redis-swarm2]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
l317d9wc49tt minio-swarm_minio1 replicated 1/1 quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
x2gj6ert03tj minio-swarm_minio2 replicated 1/1 quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
z624sonlnk02 minio-swarm_minio3 replicated 1/1 quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
xu0gx8mbjocm minio-swarm_minio4 replicated 1/1 quay.io/minio/minio:RELEASE.2022-02-12T00-51-25Z
53w8cpjpe7wd minio-swarm_nginx replicated 1/1 nginx:latest *:9000->9000/tcp, *:9090->80/tcp
现在将其中一台服务器停机处理,刷新浏览器
可以正常写入和读取数据
二个节点宕机
API可以正常读取数据。如果你退出了minio控制台回到登录界面,则无法再次登录进去。如果没有退出,那你仍然可以查看数据,但无法上传数据。
注意: 如果要模拟节点宕机,至少需要3台机器,如果是两台,模拟宕机一台,另一台是无法写入的