124. Rancher-Server HA Deployment

This document is written on the basis of blog post 102.

4. HA Deployment of Rancher-Server

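To deploy Rancher-Server in HA mode here, we need two server nodes and one client. The registry can be the private registry deployed last time. The network allocation is as follows.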

Node     IP          Role             Function
Server1  10.0.0.137  Rancher-server1  Rancher-server, registry, haproxy, database service
Server2  10.0.0.138  Rancher-server2  Server service
Client2  10.0.0.139  Rancher-agent    Agent

4.1 Deploy Rancher-Server on the Server1 node

4.1.1 Install the Docker service
yum install -y docker
systemctl restart docker
systemctl enable docker

4.1.2 Add the private registry
[root@server ~]# vim /etc/sysconfig/docker
ADD_REGISTRY='--add-registry 10.0.0.137:5000'
INSECURE_REGISTRY='--insecure-registry 10.0.0.137:5000'
systemctl daemon-reload
systemctl restart docker

4.1.3 Install and configure the database service
[root@server ~]# yum install mariadb mariadb-server 
[root@server ~]# systemctl start mariadb
[root@server ~]# systemctl enable mariadb
[root@server ~]# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

4.1.4 Create the shared database
[root@server ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS cattle COLLATE = 'utf8_general_ci' CHARACTER SET = 'utf8';
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON cattle.* TO 'cattle'@'%' IDENTIFIED BY 'cattle';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON cattle.* TO 'cattle'@'localhost' IDENTIFIED BY 'cattle';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
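
The grants above let the cattle account log in from any host ('%') with a password equal to the user name. As an added example (not part of the original post), this shell helper prints replacement grants scoped to named client addresses with a random password; the function names and the client addresses in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: print host-scoped grants for the
# Rancher database user to replace 'cattle'@'%' with the password 'cattle'.

# 32 alphanumeric characters derived from the kernel CSPRNG.
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 32
}

# Accept a literal IPv4 address or a prefix pattern such as 172.17.0.%.
# A bare '%' (any host) and anything containing quotes are rejected.
valid_host() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){1,3}([0-9]{1,3}|%)$'
}

# usage: cattle_grants_sql PASSWORD HOST [HOST...]
# Prints MariaDB statements; prints nothing and returns 1 on bad input.
cattle_grants_sql() {
  [ "$#" -ge 2 ] || return 1
  pass=$1; shift
  # Alphanumeric only, so the value needs no escaping inside SQL quotes.
  printf '%s\n' "$pass" | grep -Eq '^[A-Za-z0-9]{16,}$' || return 1
  for h in "$@"; do valid_host "$h" || return 1; done
  for h in "$@"; do
    printf "GRANT ALL ON cattle.* TO 'cattle'@'%s' IDENTIFIED BY '%s';\n" "$h" "$pass"
  done
  # Re-issuing the localhost grant replaces its old password as well.
  printf "GRANT ALL ON cattle.* TO 'cattle'@'localhost' IDENTIFIED BY '%s';\n" "$pass"
  # Drop the any-host account that the first GRANT on this page created.
  printf "DROP USER 'cattle'@'%%';\n"
}

# Assumed client addresses: Server2, plus the default Docker bridge range that
# a container on the database host itself connects from.
# cattle_grants_sql "$(gen_password)" 10.0.0.138 '172.17.0.%' | mysql -uroot -p
```

The same generated password then has to be passed to --db-pass when the Rancher-server containers are started.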

4.2 Start the Rancher-server service on the Server1 node

docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 10.0.0.137:5000/rancher/server:v1.6.5 --db-host 10.0.0.137 --db-port 3306 --db-user cattle --db-pass cattle --db-name cattle --advertise-address 10.0.0.137
Click Admin (系统管理) and check the high-availability hosts.

4.3 Deploy the Rancher-Server service on the Server2 node

1. Install the Docker service
yum install -y docker
systemctl restart docker
systemctl enable docker

2. Add the private registry
[root@server2 ~]# vim /etc/sysconfig/docker
ADD_REGISTRY='--add-registry 10.0.0.137:5000'
INSECURE_REGISTRY='--insecure-registry 10.0.0.137:5000'

systemctl daemon-reload
systemctl restart docker

3. Install and configure the database service
[root@server2 ~]# yum install mariadb mariadb-server 
[root@server2 ~]# systemctl start mariadb
[root@server2 ~]# systemctl enable mariadb
[root@server2 ~]# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

4. Create the shared database
[root@server2 ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS cattle COLLATE = 'utf8_general_ci' CHARACTER SET = 'utf8';
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON cattle.* TO 'cattle'@'%' IDENTIFIED BY 'cattle';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON cattle.* TO 'cattle'@'localhost' IDENTIFIED BY 'cattle';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

4.4 Start the Rancher-server service on the server2 node

It pulls all the images automatically.
[root@server02 ~]# docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 10.0.0.137:5000/rancher/server:v1.6.5 --db-host 10.0.0.138 --db-port 3306 --db-user cattle --db-pass cattle --db-name cattle --advertise-address 10.0.0.138
Unable to find image '10.0.0.137:5000/rancher/server:v1.6.5' locally
Trying to pull repository 10.0.0.137:5000/rancher/server ... 
v1.6.5: Pulling from 10.0.0.137:5000/rancher/server
c314617ce3f1: Pulling fs layer 
2389af727e43: Pulling fs layer 
e97b6d94bca0: Pulling fs layer 
e597f798b336: Pulling fs layer 
4f4fb700ef54: Pull complete 
c3b8df9eabb1: Pull complete 
fa0d7e36eba9: Pull complete 
f7ed69ab1f82: Pull complete 
64d23e97b335: Pull complete 
abbe1102767a: Pull complete 
b09f2f40df56: Pull complete 
6f8fcf2e7b26: Pull complete 
aca001a017c0: Pull complete 
749c1256f54c: Pull complete 
ff88285128ab: Pull complete 
0d32399e6999: Pull complete 
6f320d7ebfe3: Pull complete 
f2f0709609ca: Pull complete 
9fec6cfedddb: Pull complete 
90f854cdd5e5: Pull complete 
cf7abe7405d0: Pull complete 
45e00b77c576: Pull complete 
a2ab842ecb42: Pull complete 
e1e1a435150d: Pull complete 
f8a02c2045a0: Pull complete 
257037cacc5d: Pull complete 
a2dfb9e5fb17: Pull complete 
Digest: sha256:ff1289d72b6a711f1c205556ab9184e77ec37aa73a339c052dd221682666de92
Status: Downloaded newer image for 10.0.0.137:5000/rancher/server:v1.6.5
47b865c70c28b9657b2f0bf32b78ca4d5b5f09e5aa92da446d9bc2656efed650

Once startup has finished, open http://10.0.0.138:8080 in a browser.

4.5 Configure HA (high availability)

The haproxy service is best installed on a dedicated node. Resources are tight here, so I deploy it directly on the server2 node.

1. Install the haproxy service
[root@server2]# yum install -y haproxy

2. Rewrite the haproxy.cfg file
[root@server2]# vi /etc/haproxy/haproxy.cfg 
[root@server2 ~]# cat /etc/haproxy/haproxy.cfg 
global
  maxconn 4096
  ssl-server-verify none

defaults
  mode http
  balance roundrobin
  option redispatch
  option forwardfor

  timeout connect 5s
  timeout queue 5s
  timeout client 36000s
  timeout server 36000s

frontend http-in
  mode tcp
  #bind *:443 ssl crt /etc/haproxy/certificate.pem
  bind *:80 
  default_backend rancher_servers

  acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws
  use_backend rancher_servers if is_websocket

backend rancher_servers
  server websrv1 10.0.0.137:8080 weight 1 maxconn 1024    # Server1 IP:8080
  server websrv2 10.0.0.138:8080 weight 1 maxconn 1024    # Server2 IP:8080
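
haproxy -c -f /etc/haproxy/haproxy.cfg checks syntax only. The following added example (not from the original post) lints for three settings in the configuration above that parse cleanly but weaken the deployment: backend certificate verification switched off, a frontend that listens only in plaintext, and server lines without health checks. The finding names, function names and the shortened sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Finding names are made up here.

# usage: lint_haproxy_cfg FILE  -> one finding per line, nothing if clean
lint_haproxy_cfg() {
  awk '
    { sub(/[#].*/, "") }                     # strip haproxy comments
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { sect = $1; name = $2; next }
    # Backend certificates go unverified unless a server line overrides this.
    sect == "global" && $1 == "ssl-server-verify" && $2 == "none" { print "TLS_VERIFY_OFF" }
    # Remember per frontend whether any bind line terminates TLS.
    sect == "frontend" && $1 == "bind" {
      if (!(name in tls)) tls[name] = 0
      for (i = 3; i <= NF; i++) if ($i == "ssl") tls[name] = 1
    }
    # Without "check" haproxy never marks a stopped Rancher server as down.
    $1 == "server" {
      ok = 0
      for (i = 4; i <= NF; i++) if ($i == "check") ok = 1
      if (!ok) print "NO_HEALTH_CHECK " $2
    }
    END { for (n in tls) if (!tls[n]) print "PLAINTEXT_FRONTEND " n }
  ' "$1"
}

# Constructed inputs: shortened page config as posted (weak) or corrected.
write_sample() {   # usage: write_sample weak|hardened FILE
  if [ "$1" = weak ]; then v=none; tlsb='#bind'; plainb='bind'; chk=''
  else v=required; tlsb='bind'; plainb='#bind'; chk=' check'; fi
  cat >"$2" <<EOF
global
  ssl-server-verify $v
frontend http-in
  $tlsb *:443 ssl crt /etc/haproxy/certificate.pem
  $plainb *:80
  default_backend rancher_servers
backend rancher_servers
  server websrv1 10.0.0.137:8080 weight 1 maxconn 1024$chk
  server websrv2 10.0.0.138:8080 weight 1 maxconn 1024$chk
EOF
}

lint_sample() {   # usage: lint_sample weak|hardened
  tmp=$(mktemp) || return 1
  write_sample "$1" "$tmp"; lint_haproxy_cfg "$tmp"; rm -f "$tmp"
}

lint_sample weak
```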

4.6 Start the haproxy service and access server2 IP:80

[root@server2 ~]# haproxy -f /etc/haproxy/haproxy.cfg &
[1] 36951


4.7 Test high availability

First stop the Rancher-server container on the server1 node, then access server2:80.

[root@server1 ~]# docker ps -a
CONTAINER ID        IMAGE                                   COMMAND                  CREATED             STATUS                      PORTS                                                      NAMES
41b87f74c412        10.0.0.137:5000/rancher/server:v1.6.5   "/usr/bin/entry --..."   13 minutes ago      Up 13 minutes               0.0.0.0:8080->8080/tcp, 3306/tcp, 0.0.0.0:9345->9345/tcp   gallant_jepsen                                                          nifty_poitras
88681665774b        docker.io/registry:latest               "/entrypoint.sh /e..."   5 weeks ago         Up About an hour            0.0.0.0:5000->5000/tcp                                     registry

[root@server1 ~]# docker stop 41b87f74c412
41b87f74c412

As you can see, even if one of our two server nodes goes down, the rancher-server service can still be reached normally as long as haproxy keeps running.

4.8 Add the client node

4.8.1 Click Add Host, select Custom, enter the client node's IP, then copy the script, paste it on the client node and run it.

Reposted from blog.csdn.net/chengyinwu/article/details/103834922