本文是swarm docker集群的实施文档
环境: centos 7
192.168.1.23 swarm-manager rethinkdb controller swarm-agent consul-c1 registrator
192.168.1.45 registrator swarm-agent consul-s3
192.168.1.65 registrator swarm-agent consul-s2
192.168.1.66 registrator swarm-agent consul-s2
192.168.1.70 registrator consul-c2 consul-template (nginx、haproxy)
192.168.1.71 registrator consul-c2 consul-template (nginx、haproxy)
docker-engine 1.12.4
一、安装 docker-engine 1.12.4
1、 先检查是否安装旧版本docker
rpm -qa|grep docker
如果有先卸载
yum remove docker*
2.编辑docker.repo文件,写入如下内容
cat >> /etc/yum.repos.d/docker-main.repo << EOF
name=Docker main Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=
EOF
3.安装docker
yum -y install docker-engine
4.关闭防火墙和selinux
systemctl stop firewalld.service
systemctl disable firewalld.service
关闭selinux
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
重启
5.增加tcp监听端口
修改/lib/systemd/system/docker.service
sed -i 's/ExecStart=.*/ExecStart=\/usr\/bin\/dockerd -H unix\:\/\/\/var\/run\/docker.sock -D -H tcp\:\/\/0.0.0.0\:2375/g' /lib/systemd/system/docker.service
6.重启docker
systemctl enable docker.service
systemctl restart docker
ps -ef|grep docker
能看到docker启动及2375端口
7、安装pip及docker api
yum -y install epel-release
yum -y install python-pip
pip install docker-py docker-compose
二、配置consul cluster
1、创建 consul 用户及组
groupadd -g 1000 consul
useradd -u 100 -g 1000 -s /sbin/nologin consul
2、创建consul 数据存储文件夹
mkdir -p /opt/consul/{data,conf}
chown -R consul: /opt/consul
3、 拉取consul镜像
docker pull progrium/consul
提示:目录没有官方出consul镜像,以上consul镜像是星数最高的,也是consul官方推荐的第三方docker image
4、启动 consul server 192.168.1.66
docker run -d \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
-h consul-s1 \
--restart=always \
--name=consul-s1 \
progrium/consul \
-server -bootstrap-expect=1 \
-ui-dir=/ui \
-client 0.0.0.0 \
-advertise 192.168.1.66
5、启动 consul server 192.168.1.65
docker run -d \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
-h consul-s2 \
--restart=always \
--name=consul-s2 \
progrium/consul \
-server \
-ui-dir=/ui \
-client 0.0.0.0 \
-advertise 192.168.1.65 -join 192.168.1.66
6、启动 consul server 192.168.1.45
docker run -d \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
-h consul-s3 \
--restart=always \
--name=consul-s3 \
progrium/consul \
-server \
-ui-dir=/ui \
-client 0.0.0.0 \
-advertise 192.168.1.45 -join 192.168.1.66
7、启动 consul Client 192.168.1.23
docker run -d -h consul-c1 \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
--restart=always \
--name=consul-c1 \
progrium/consul -advertise 192.168.1.23 -join 192.168.1.66
8、启动 consul Client 192.168.1.70
docker run -d -h consul-c2 \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
--restart=always \
--name=consul-c2 \
progrium/consul -advertise 192.168.1.70 -join 192.168.1.66
9、启动 consul Client 192.168.1.71
docker run -d -h consul-c3 \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
--restart=always \
--name=consul-c3 \
progrium/consul -advertise 192.168.1.71 -join 192.168.1.66
10、关闭consul-s1并删除容器
docker rm -rf consul-s1
重新启动一个新容器
docker run -d \
-p 8300:8300 \
-p 8301:8301 \
-p 8301:8301/udp \
-p 8302:8302 \
-p 8302:8302/udp \
-p 8400:8400 \
-p 8500:8500 \
-p 8600:53 \
-p 8600:53/udp \
-v /opt/consul/data:/data \
-h consul-s2 \
--restart=always \
--name=consul-s2 \
progrium/consul \
-server \
-ui-dir=/ui \
-client 0.0.0.0 \
-advertise 192.168.1.66 -join 192.168.1.65
进入容器运行 consul info 查询是否实现自动选举Leader
三、 registrator状态获取
依次启动
docker run \
-d \
--restart=always \
--name=registrator \
--net=host \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator \
-ip 192.168.1.66 \
consul://192.168.1.66:8500
docker run \
-d \
--restart=always \
--name=registrator \
--net=host \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator \
-ip 192.168.1.65 \
consul://192.168.1.65:8500
docker run \
-d \
--restart=always \
--name=registrator \
--net=host \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator \
-ip 192.168.1.45 \
consul://192.168.1.45:8500
docker run \
-d \
--restart=always \
--name=registrator \
--net=host \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator \
-ip 192.168.1.23 \
consul://192.168.1.23:8500
docker run \
-d \
--restart=always \
--name=registrator \
--net=host \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator \
-ip 192.168.1.70 \
consul://192.168.1.70:8500
docker run \
-d \
--restart=always \
--name=registrator \
--net=host \
-v /var/run/docker.sock:/tmp/docker.sock \
gliderlabs/registrator \
-ip 192.168.1.71 \
consul://192.168.1.71:8500
四、安装 Shipyard+Swarm
1、 192.168.1.23
docker run -tid \
-p 3375:3375 \
--restart=always \
--name shipyard-swarm-manager \
swarm:latest \
manage --host tcp://0.0.0.0:3375 consul://192.168.1.66:8500
docker run -tid \
--restart=always \
--name=shipyard-rethinkdb \
-p 28015:28015 \
-p 29015:29015 \
-v /data/rethinkdb:/data \
index.tenxcloud.com/docker_library/rethinkdb
docker run -tid \
--restart=always \
--name shipyard-controller \
--link shipyard-rethinkdb:rethinkdb \
--link shipyard-swarm-manager:swarm \
-p 8080:8080 \
dockerclub/shipyard:latest \
server \
-d tcp://swarm:3375
2、安装swarm-agent (192.168.1.66,192.168.1.65,192.168.1.45)
docker run -tid \
五、安装haproxy or nginx (192.168.1.70,192.168.1.71)
1、安装haproxy
http://www.haproxy.org/download/1.7/src/haproxy-1.7.0.tar.gz
yum -y install git patch gcc gcc-c++ readline-devel zlib-devel libffi-devel \
openssl openssl-devel make autoconf automake libtool bison libxml2 \
libxml2-devel libxslt-devel libyaml-devel python python-docutils \
cmake imake expat-devel libaio libaio-devel bzr ncurses-devel wget \
libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
pcre-devel curl-devel libmcrypt libmcrypt-devel
cd /tmp
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.0.tar.gz
tar -xvf /tmp/haproxy-1.7.0.tar.gz
make TARGET=linux31 PREFIX=/opt/haproxy
make install PREFIX=/opt/haproxy
2、配置/opt/haproxy/conf/haproxy.conf
global
log 127.0.0.1 local0
3、haproxy 启动脚本 /etc/init.d/haproxy
undefined
4、启动 haproxy 并加入开机启动
chmod +x haproxy
chkconfig haproxy on
service haproxy start
5、安装nginx 并支支持数字证书
https://www.openssl.org/source/openssl-1.1.0c.tar.gz
http://nginx.org/download/nginx-1.11.7.tar.gz
yum -y install git patch gcc gcc-c++ readline-devel zlib-devel libffi-devel \
openssl openssl-devel make autoconf automake libtool bison libxml2 \
libxml2-devel libxslt-devel libyaml-devel python python-docutils \
cmake imake expat-devel libaio libaio-devel bzr ncurses-devel wget \
libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
pcre-devel curl-devel libmcrypt libmcrypt-devel
下载安装openssl
cd /tmp
wget https://www.openssl.org/source/openssl-1.1.0c.tar.gz
tar -xvf openssl-1.1.0c.tar.gz
cd /tmp/openssl-1.1.0c
./config --openssldir=/usr/local/ssl
make && make install
./config shared --openssldir=/usr/local/ssl
make clean
make && make install
下载安装 nginx
cd /tmp
wget http://nginx.org/download/nginx-1.11.7.tar.gz
groupadd -r nginx
useradd -g nginx -r nginx
tar -xvf nginx-1.11.7.tar.gz
cd /tmp/nginx-1.11.7
./configure --prefix=/usr/local/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-threads \
--with-stream \
--with-openssl=/tmp/openssl-1.1.0c \
6、nginx 配置文件
修改/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
include user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
include /etc/nginx/conf.d/*.conf;
}/*.conf;
}
创建 /etc/nginx/conf.d 文件夹
mkdir -p /etc/nginx/conf.d
添加nginx默认web配置文件
/etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
7、创建nginx 启动脚本 /etc/init.d/nginx
undefined
8、设置nginx开机启动并启动nginx
chmod +x nginx
chkconfig nginx on
service nginx start
六、安装consul-template 实现服务器自动发现
1、下载consul-template
https://releases.hashicorp.com/consul-template/0.16.0/consul-template_0.16.0_linux_amd64.zip
cd /tmp
wget https:
2、consul-template haproxy配置
cat > /opt/consul/conf/haproxy_ctmpl.json << EOF
consul = "127.0.0.1:8500"
template {
source = "/opt/haproxy/conf/haproxy.ctmpl"
destination = "/opt/haproxy/conf/haproxy.conf"
command = "/etc/init.d/haproxy reload"
}
EOF
3、 /opt/haproxy/conf/haproxy.ctmpl 配置
global
log 127.0.0.1 local0
#log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 50000
chroot /opt/haproxy
uid 99
gid 99
daemon
nbproc 2
pidfile /opt/haproxy/run/haproxy.pid
#debug
#quiet
defaults
mode tcp
option dontlognull
option forwardfor
option redispatch
retries 2
balance static-rr
stats enable
stats uri /ha?stats
timeout connect 3000
timeout client 50000
timeout server 50000
listen admin_stat
bind *:8888
mode http
#log global
stats refresh 30s
stats uri /admin?stats
stats realm Haproxy\ Statistics
stats auth admin:admin
#stats hide-version
frontend www
bind *:80
mode http
acl apache hdr(HOST) apache.zone.com
acl nginx hdr(HOST) nginx.zone.com
use_backend apache.qkazone.com if apache
use_backend nginx.qkazone.com if nginx
backend apache.zone.com
balance roundrobin
mode http
{{range service "apache-php-80"}}
server apache {{.Address}}:{{.Port}} check {{end}}
backend nginx.zone.com
mode http
balance roundrobin
{{range service "nginx-80"}}
server nginx {{.Address}}:{{.Port}} check {{end}}
listen login
bind *:9999
mode tcp
balance roundrobin
#log 127.0.0.1 local0 debug
{{range service "centos7"}}
server ssh {{.Address}}:{{.Port}} check {{end}}
4、配置consul-template haproxy 启动脚本 /etc/init.d/haproxy_ctmpl
undefined
5、设置开机启动,启动
chmod +x haproxy_ctmpl
chkconfig haproxy_ctmpl on
service haproxy_ctmpl start
6、consul-template nginx配置 /opt/consul/conf/nginx_ctmpl.json
cat > /opt/consul/conf/nginx_ctmpl.json << EOF
consul = "127.0.0.1:8500"
template {
source = "/etc/nginx/conf.d/nginx_web.ctmpl"
destination = "/etc/nginx/conf.d/nginx_web.conf"
command = "/usr/sbin/nginx -s reload"
}
EOF
7、/etc/nginx/conf.d/nginx_web.ctmpl 配置
upstream apache {
ip_hash;
# Refer: http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
# least_conn;
# least_time;
{{range service "apache-php-80"}}
server {{.Address}}:{{.Port}} fail_timeout=0;
{{end}}
keepalive 64;
}
server {
listen 80;
server_name apache.zone.com;
location / {
client_max_body_size 0;
proxy_connect_timeout 300s;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 32k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_pass http://apache/;
}
}
upstream nginx {
ip_hash;
# Refer: http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
# least_conn;
# least_time;
{{range service "nginx-80"}}
server {{.Address}}:{{.Port}} fail_timeout=0;
{{end}}
keepalive 64;
}
server {
listen 80;
server_name nginx.zone.com;
location / {
client_max_body_size 0;
proxy_connect_timeout 300s;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 32k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_pass http://nginx/;
}
}
8、配置consul-template nginx启动脚本 /etc/init.d/nginx_ctmpl
undefined
9、设置开机启动
chmod +x nginx_ctmpl
chkconfig nginx_ctmpl on
service nginx_ctmpl start
七、测试是否自动发现
docker run -ti -d -p :80 eboraas/apache-php
docker run -d -ti -p :80 nginx
1、打开 http://192.168.1.66:8500/ui/#/dc1/services
2、 http://192.168.1.23:8080/#/containers
查看shipyard 管理平台
账号admin密码 shipyard
3、haproxy
http://192.168.1.70:8888/admin?stats
http://192.168.1.71:8888/admin?stats
账号:admin 密码admin
最后:注意事项: consul registrator 是基于端口发现的不映射端口是发现不了的
consul 服务挂了整个宿主机运行应用将不可见。 registrator 是基于镜像名加端口服务
镜像名称为nginx 多端口暴露 对外发现的服务名称nginx-80 单个端口暴露就是镜像名称为服务名
像集群添加宿主机
consul registrator swarm-agent registrator 链接 consul 端口请使用宿主机的 consul 端口
使用其它机器端口如果其它机器挂了这台宿主机的应用不可被发现
Original: https://www.cnblogs.com/moonvan/p/6906727.html
Author: moonvan
Title: docker swarm 集群及可视化界面的安装及配置
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/534699/
转载文章受原作者版权保护。转载请注明原作者出处!