高可用 Docker Swarm 安装

1. 环境介绍

**注意: 三台机器 即是主节点又是从节点 **

主机名称	swarm-01	swarm-02	swarm-03
操作系统	Centos 7	Centos 7	Centos 7
内核版本	3.10.0-957.e17.x86_64	3.10.0-957.e17.x86_64	3.10.0-957.e17.x86_64
IP	192.168.100.100	192.168.100.200	192.168.100.250
Nginx	1.22.0	1.22.0	无
keepalived	主	从	无
虚拟IP	192.168.100.50	192.168.100.50	无

2. 环境准备

2.1 修改主机名

# 各自修改主机名称
hostnamectl set-hostname xxxx

2.2 修改hosts

cat >> /etc/hosts << EOF
192.168.100.100 swarm-01
192.168.100.200 swarm-02
192.168.100.2500 swarm-03
EOF

2.3 关闭防火墙和SLinux

# 关闭防火墙
systemctl disable --now firewalld.service# 关闭SLinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0

2.4 配置yum源

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backupcurl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repoyum makecache 

2.5 同步时间

# 时区调整，时间校准
date -R
timedatectl set-timezone Asia/Shanghai
yum -y install ntpcat >>/etc/nft.conf<<EOF
driftfile  /var/lib/ntp/drift
pidfile   /var/run/ntpd.pid
logfile /var/log/ntp.log
restrict    default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 127.127.1.0
fudge  127.127.1.0 stratum 10
server ntp.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp.aliyun.com nomodify notrap nopeer noquery
EOF
# 同步
ntpdate ntp.aliyun.com

3. 安装Docker

3.1 安装

# 安装docker 需要的依赖 要去操作系统必须能访问外网yum install -y yum-utils device-mapper-persistent-data lvm2 bash-completion# 添加阿里云docker-ce 软件源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo# 查看版本
yum list docker-ce --showduplicates | sort -r
yum list containerd.io --showduplicates | sort -r# 注意 如果要安装 指定版本的docker 比如 18.09
yum install -y docker-ce-20.10.15-3.el7 docker-ce-cli-20.10.15-3.el7 containerd.io# 启动docker
systemctl start docker# 设置开机自启动
systemctl enable docker# 查看docker 状态
systemctl status docker# 配置镜像
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://dockerhub.icu","https://docker.chenby.cn","https://docker.1panel.live","https://docker.aws19527.cn","https://docker.anyhub.us.kg","https://dhub.kubesre.xyz"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

dockerd_135">3.2 修改dockerd

# 查询服务状态
systemctl status docker[root@kube-master ~]# systemctl status docker
● docker.service - Docker Application Container EngineLoaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)Active: active (running) since 四 2024-08-08 11:01:33 CST; 5 days agoDocs: https://docs.docker.comMain PID: 104031 (dockerd)Tasks: 11Memory: 65.3MCGroup: /system.slice/docker.service
# 看Loaded 服务在哪里
vi /usr/lib/systemd/system/docker.service# 在ExecStart 添加 -H tcp://0.0.0.0:2375
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375sudo systemctl daemon-reload
sudo systemctl restart docker

4. 安装 Nginx 和 keepalived

4.1 主机名称：swarm-01 和 swarm-02

# 配置nginx 软件源
vi /etc/yum.repos.d/nginx.repo[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true# 更新索引
yum makecache # 查看可以安装的版本
yum list nginx --showduplicates | sort -r# 安装nginx
yum install -y nginx-1.22.0# 先创建swarm-access.log
touch /var/log/nginx/swarm-access.log
# 修改文件
vi /etc/nginx/nginx.conf
################################################################################################################################
stream {log_format main '$remote_addr $remote_port - [$time_local] $status $protocol ''"$upstream_addr" "$upstream_bytes_sent" "$upstream_connect_time"' ;access_log /var/log/nginx/swarm-access.log main;upstream docker_servers {server 192.168.100.100:2375;server 192.168.100.200:2375;server 192.168.100.250:2375;# 使用轮询方式请求least_conn;}   server {listen 9999;proxy_connect_timeout 3s;proxy_timeout 300s;proxy_pass docker_servers;}
}# 安装 keepalived
yum install -y keepalived# 备份配置文件
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak# 编写健康脚本
cat > /etc/keepalived/nginx_check.sh <<EOF
#!/bin/sh
# nginx down
pid=`ps -C nginx --no-header | wc -l`
if [ $pid -eq 0 ]
thensystemctl start nginxsleep 5if [ `ps -C nginx --no-header | wc -l` -eq 0 ]thensystemctl stop nginxelseexit 0fi
fi
EOF# 增加可执行权限
chmod +x /etc/keepalived/nginx_check.sh

4.2 swarm-01

# 配置文件
cat > /etc/keepalived/keepalived.conf <<EOF! Configuration File for keepalivedglobal_defs {router_id lb01 # 唯一就行
}vrrp_script chk_nginx {script "/etc/keepalived/nginx_check.sh"interval 2weight 2
}vrrp_instance VI_1 {state MASTERinterface ens32 # 修改从自己网卡名称virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.50/24 dev ens32 label ens32:1 scope global}# 执行脚本track_script {# 对应vrrp_script配置的脚本chk_nginx}
}
EOF

4.3 swarm-02

# 配置文件
cat > /etc/keepalived/keepalived.conf <<EOF! Configuration File for keepalivedglobal_defs {router_id lb02 # 唯一就行
}vrrp_script chk_nginx {script "/etc/keepalived/nginx_check.sh"interval 2weight 2
}vrrp_instance VI_1 {state MASTERinterface ens32 # 修改从自己网卡名称virtual_router_id 51priority 99advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.50/24 dev ens32 label ens32:1 scope global}# 执行脚本track_script {# 对应vrrp_script配置的脚本chk_nginx}
}
EOF

4.4 启动

systemctl enable nginx --now
systemctl enable keepalived --now

5. 初始化集群

5.1 主机名称: swarm-01

# 初始化集群
docker swarm init --advertise-addr=192.168.100.100[root@swarm-01 ~]# docker swarm init --advertise-addr=192.168.100.100
Swarm initialized: current node (vf2x510svcmubg1xhmn033ybr) is now a manager.To add a worker to this swarm, run the following command:
# 要向集群中添加一个工作节点，运行以下命令:docker swarm join --token SWMTKN-1-0dbfjw2hwt147y5szbqzvon2szdiz6l9r7lpbgkf6fy47djx4q-9cbxlsr9ykn8koysdohs63woc 192.168.100.100:2377To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.# token 忘记咋办
docker swarm join-token worker

5.2 主机名称: swarm-02 和 swarm-03

docker swarm join --token SWMTKN-1-0dbfjw2hwt147y5szbqzvon2szdiz6l9r7lpbgkf6fy47djx4q-9cbxlsr9ykn8koysdohs63woc 192.168.100.100:2377

5.3 修改node节点为master节点

# 查看节点 
docker node ls[root@swarm-01 ~]# docker node ls
ID                            HOSTNAME      STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
vf2x510svcmubg1xhmn033ybr *   swarm-01      Ready     Active         Leader           20.10.15
d7gk2iakpqe4s2zumkaoz0d2e     swarm-02      Ready     Active                          20.10.15
pg4wpkcg6mx3wu5j0hhf4zh46     swarm-03      Ready     Active                          20.10.15# 将 swarm-02 变成 master节点
docker node promote d7gk2iakpqe4s2zumkaoz0d2e# 将 swarm-03 变成 master节点
docker node promote pg4wpkcg6mx3wu5j0hhf4zh46# 再次查看
[root@swarm-01 ~]# docker node ls
ID                            HOSTNAME      STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
vf2x510svcmubg1xhmn033ybr *   swarm-01      Ready     Active         Leader           20.10.15
d7gk2iakpqe4s2zumkaoz0d2e     swarm-02      Ready     Active         Reachable        20.10.15
pg4wpkcg6mx3wu5j0hhf4zh46     swarm-03      Ready     Active         Reachable        20.10.15

6 测试连接

**nginx 监听端口为 9999 ，keepalived 虚拟ip为192.168.100.50 **