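Summary: Stop one machine and check whether the load balancer health check behaves correctly. Build the cluster, create the database it needs, start it, open it and enable access control. Configure load balancing for it, add the configuration, restart, open it, add a host and a container, and test that it works; deliberately kill a container or shut down a machine and check that the whole cluster stays healthy.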
Building a Rancher high-availability cluster

I. Prepare the environment

1. Install the operating system

Download the latest CentOS release: http://mirrors.sohu.com/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1708.iso

Perform a minimal installation.

Configure the network:

    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=enp0s3
    UUID=95a50ea2-3ad5-4601-9f80-93b7f1913eab
    DEVICE=enp0s3
    ONBOOT=yes
    IPADDR=192.168.0.106
    NETMASK=255.255.255.0
    GATEWAY=192.168.0.1

Install the common tools wget, vim and curl.

Change the yum repository, following http://mirrors.163.com/.help/centos.html:

    cd /etc/yum.repos.d/
    mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
    wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
    yum clean all
    yum makecache

2. Install Docker
Install Docker, choosing the Community Edition: https://docs.docker.com/install/linux/docker-ce/centos/

    # Install the required packages
    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
    # Add the repository
    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    # Install docker-ce
    sudo yum install docker-ce
    # Start Docker
    sudo systemctl start docker
    # Verify the installation by running the hello-world image
    sudo docker run hello-world

If download.docker.com is blocked and cannot be reached, you can download the .rpm file and install it manually.

Change the registry mirror:

    vim /etc/docker/daemon.json
    # Add this line
    {"registry-mirrors": ["https://fu1ctwn9.mirror.aliyuncs.com"]}
    sudo systemctl daemon-reload
    sudo systemctl restart docker
    # Or
    curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://your-address.m.daocloud.io

II. Build the highly available Rancher
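Prepare at least three machines.

    node0 192.168.0.106
    node1 192.168.0.107
    node2 192.168.0.108

1. Build the Galera Cluster high-consistency MySQL cluster architecture

Use Galera Cluster to get high availability and strong consistency; Galera has been installed by default since MariaDB 10.1.
Do not use MariaDB 10.3: Rancher's SQL statements currently have a bug with it, which has been reported to Rancher upstream.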
    docker run -d --name mariadb-cluster0 \
      -p 3306:3306 -p 4567:4567 -p 4568:4568 -p 4444:4444 \
      -v /home/docker/mariadb/conf:/etc/mysql/conf.d \
      -v /home/docker/mariadb/cluster0/data:/var/lib/mysql \
      -e MYSQL_ROOT_PASSWORD=20053140 \
      mariadb:10.2

Default MariaDB configuration file:

    [mysqld]
    server_id=100
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    port = 3306
    basedir = /usr
    datadir = /var/lib/mysql
    log-error=/var/log/mysqld.log
    user=mysql
    default-time-zone=UTC
    # Default character set for stored data
    character-set-server=utf8
    # Disable DNS name resolution
    skip_name_resolve
    # Make sure the binary log format uses row-based replication, not statement-based replication
    binlog_format=ROW
    # Make sure mysqld is not bound to 127.0.0.1
    bind-address=0.0.0.0
    # Maximum number of connections
    max_connections = 500
    connect_timeout = 5
    wait_timeout = 600
    max_allowed_packet = 16M
    thread_cache_size = 128
    sort_buffer_size = 4M
    bulk_insert_buffer_size =16M
    tmp_table_size = 32M
    max_heap_table_size = 32M
    # Make sure the default storage engine is InnoDB; Galera does not work with MyISAM or other non-transactional engines
    default_storage_engine=innodb
    # Make sure the InnoDB lock mode used to generate auto-increment values is the interleaved lock mode
    innodb_autoinc_lock_mode=2
    # Flush the InnoDB log buffer to file once per second instead of on every commit, to improve performance
    innodb_flush_log_at_trx_commit=0
    innodb_buffer_pool_size=2G
    # Comment out if no replica is attached
    #log-bin=/app/galera/mysql-bin
    # Comment out if no replica is attached
    #log_slave_updates=1

    [galera]
    # A node answers a query only after it has applied pending transactions
    wsrep_causal_reads=ON
    # Replication write-set cache
    wsrep_provider_options="gcache.size=300M;gcache.page_size=300M"
    # Generate a primary key for the certification test on tables without an explicit primary key; ON by default
    wsrep_certify_nonPK=ON
    # Enable fully synchronous replication
    wsrep_on=ON
    # galera library
    wsrep_provider=/usr/lib/galera/libgalera_smm.so
    wsrep_sst_auth=syncuser:syncuser
    #wsrep_sst_method=xtrabackup-v2
    wsrep_sst_method=rsync
    # Parallel replication threads; consider twice the number of CPU cores; default 1
    wsrep_slave_threads=1
    wsrep_cluster_name=MariaDB-Galera-Cluster
    # galera cluster URL
    #wsrep_cluster_address="gcomm://192.168.0.106:4567,192.168.0.107:4567,192.168.0.108:4567"
    # Node name
    wsrep_node_name=mariadb-0
    wsrep_node_address=192.168.0.106
Enter the container and add the users:

    [root@localhost cluster0]# docker exec -it 929 bash
    root@92902e6ff803:/# mysql -uroot -p
    Enter password:
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 8
    Server version: 10.3.5-MariaDB-10.3.5+maria~jessie mariadb.org binary distribution

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type "help;" or "\h" for help. Type "\c" to clear the current input statement.

    MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO "root"@"%" IDENTIFIED BY "20053140" WITH GRANT OPTION;
    Query OK, 0 rows affected (0.001 sec)

    MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO "syncuser"@"%" IDENTIFIED BY "syncuser" WITH GRANT OPTION;
    Query OK, 0 rows affected (0.001 sec)

    MariaDB [(none)]> flush privileges;
    Query OK, 0 rows affected (0.001 sec)

After starting the container on the other nodes, repeat the add-user step there:

    docker run -d --name mariadb-cluster0 \
      -p 3306:3306 -p 4567:4567 -p 4568:4568 -p 4444:4444 \
      -v /home/docker/mariadb/conf:/etc/mysql/conf.d \
      -v /home/docker/mariadb/cluster0/data:/var/lib/mysql \
      -e MYSQL_ROOT_PASSWORD=20053140 \
      mariadb:10.2

Uncomment wsrep_cluster_address, and change wsrep_node_name and wsrep_node_address for each node.
Delete all the mariadb containers and run them again.
--wsrep-new-cluster is needed only on the first node, the first time the cluster is formed; later starts do not need this parameter.
cluster0

    docker run -d --name mariadb-cluster0 \
      -p 3306:3306 -p 4567:4567 -p 4568:4568 -p 4444:4444 \
      -v /home/docker/mariadb/conf:/etc/mysql/conf.d \
      -v /home/docker/mariadb/cluster0/data:/var/lib/mysql \
      -e MYSQL_ROOT_PASSWORD=20053140 \
      mariadb:10.2 --wsrep-new-cluster

cluster1

    docker run -d --name mariadb-cluster1 \
      -p 3306:3306 -p 4567:4567 -p 4568:4568 -p 4444:4444 \
      -v /home/docker/mariadb/conf:/etc/mysql/conf.d \
      -v /home/docker/mariadb/cluster0/data:/var/lib/mysql \
      -e MYSQL_ROOT_PASSWORD=20053140 \
      mariadb:10.2

cluster2

    docker run -d --name mariadb-cluster2 \
      -p 3306:3306 -p 4567:4567 -p 4568:4568 -p 4444:4444 \
      -v /home/docker/mariadb/conf:/etc/mysql/conf.d \
      -v /home/docker/mariadb/cluster0/data:/var/lib/mysql \
      -e MYSQL_ROOT_PASSWORD=20053140 \
      mariadb:10.2

Open mysql in any one of the containers:

    MariaDB [(none)]> SHOW STATUS LIKE "wsrep_cluster_size";
    +--------------------+-------+
    | Variable_name      | Value |
    +--------------------+-------+
    | wsrep_cluster_size | 3     |
    +--------------------+-------+
    1 row in set (0.000 sec)
Pair the cluster with an external load balancer so that external clients also get high availability.

Add a haproxy user for the haproxy health check:

    MariaDB [(none)]> SET sql_mode = "STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION";
    Query OK, 0 rows affected (0.000 sec)

    MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO "haproxy"@"192.168.0.104" IDENTIFIED BY "" WITH GRANT OPTION;
    Query OK, 0 rows affected (0.005 sec)

    MariaDB [(none)]> flush privileges;
    Query OK, 0 rows affected (0.013 sec)
haproxy configuration file:

    global
        chroot /usr/local
        daemon
        nbproc 1
        pidfile /opt/haproxy/logs/haproxy.pid
        ulimit-n 65536
        #spread-checks 5m
        #stats timeout 5m
        #stats maxconn 100

    ######## Default settings ############
    defaults
        mode tcp
        retries 3                 # after two failed connections the server is considered unavailable; can also be set further down
        option redispatch         # when the server matching serverId goes down, force redirection to another healthy server
        option abortonclose       # when server load is high, automatically drop connections that have been queued for a long time
        maxconn 32000             # default maximum number of connections
        timeout connect 5000ms    # connection timeout
        timeout client 30000ms    # client timeout
        timeout server 30000ms    # server timeout
        timeout check 2000        # health check timeout
        log 127.0.0.1 local0 err  # [err warning info debug]

    listen stats                  # monitoring
        mode http
        bind 0.0.0.0:8888
        stats enable
        stats uri /stats
        stats realm Global statistics
        stats auth admin:admin

    ######## MariaDB settings #################
    listen mariadb
        bind 0.0.0.0:23306
        mode tcp
        option mysql-check user haproxy   # MySQL health check; haproxy is the MySQL login user name
        balance roundrobin
        server s1 192.168.0.106:3306 weight 1 maxconn 10000 check inter 10s
        server s2 192.168.0.107:3306 weight 1 maxconn 10000 check inter 10s
        server s3 192.168.0.108:3306 weight 1 maxconn 10000 check inter 10s

Start the haproxy container:

    docker run -d --name haproxy -p 23306:23306 -p 8888:8888 \
      -v /data/syncthing/dongxu/haproxy:/usr/local/etc/haproxy:ro \
      haproxy:1.7
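Add test data and check that it replicates correctly. Deliberately kill a container, or shut down one machine, and check that the data is still correct; then bring the machine and the container back and check that the data recovers and that load balancing still works.
Stop one machine, node3, and check whether the load balancer health check behaves correctly.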
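
An added example, not part of the original post: `wsrep_cluster_size` alone does not show that a surviving node is still synced and in the primary component, so this sketch also checks the other standard wsrep status variables during the stop-one-node test. The function name `galera_verdict`, the two sample status dumps and the expected size of 3 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: judge one Galera node from its
# wsrep status variables. Input is tab-separated "name<TAB>value" lines, e.g.
#   mysql -N -B -uroot -p -e "SHOW GLOBAL STATUS LIKE 'wsrep_%'"
# Both sample dumps below are constructed for illustration.
TAB=$(printf '\t')
SAMPLE_HEALTHY="wsrep_cluster_size${TAB}3
wsrep_cluster_status${TAB}Primary
wsrep_connected${TAB}ON
wsrep_local_state_comment${TAB}Synced
wsrep_ready${TAB}ON"
SAMPLE_ISOLATED="wsrep_cluster_size${TAB}1
wsrep_cluster_status${TAB}non-Primary
wsrep_connected${TAB}ON
wsrep_local_state_comment${TAB}Initialized
wsrep_ready${TAB}OFF"

# galera_verdict EXPECTED_SIZE   (status lines on stdin)
# Prints one line per problem and returns 1 if any was found, else 0.
galera_verdict() {
  awk -F '\t' -v want="$1" '
    BEGIN { bad = 0 }
    { v[$1] = $2 }
    function need(name, good) {
      if (v[name] != good) {
        printf "%s is \"%s\", expected %s\n", name, v[name], good
        bad = 1
      }
    }
    END {
      need("wsrep_cluster_status", "Primary")      # node is on the quorum side
      need("wsrep_local_state_comment", "Synced")  # node has caught up
      need("wsrep_ready", "ON")                    # node accepts queries
      need("wsrep_connected", "ON")                # node talks to the group
      if (v["wsrep_cluster_size"] + 0 < want + 0) {
        printf "cluster size %d, expected %d\n", v["wsrep_cluster_size"], want
        bad = 1
      }
      exit bad
    }'
}

# Demo on the constructed isolated-node sample (prints four problems).
printf '%s\n' "$SAMPLE_ISOLATED" | galera_verdict 3 || true
```
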
2. Build the Rancher cluster

Create the database that Rancher needs:

    CREATE DATABASE IF NOT EXISTS cattle COLLATE = "utf8_general_ci" CHARACTER SET = "utf8";
    GRANT ALL ON cattle.* TO "cattle"@"%" IDENTIFIED BY "cattle";
    GRANT ALL ON cattle.* TO "cattle"@"localhost" IDENTIFIED BY "cattle";
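
An added example, not part of the original post: the walkthrough gives root, syncuser and haproxy ALL PRIVILEGES on *.* WITH GRANT OPTION, and gives haproxy an empty password, although HAProxy's mysql-check only connects and disconnects. This sketch audits SHOW GRANTS output for such accounts; the function name `audit_grants` and the sample grant lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: flag risky MariaDB accounts.
# SAMPLE_GRANTS is constructed: roughly what SHOW GRANTS lists for the
# accounts created in this walkthrough ('*HASH' stands in for a real hash).
SAMPLE_GRANTS="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*HASH' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'syncuser'@'%' IDENTIFIED BY PASSWORD '*HASH' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'haproxy'@'192.168.0.104' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'cattle'@'%' IDENTIFIED BY PASSWORD '*HASH'
GRANT ALL PRIVILEGES ON \`cattle\`.* TO 'cattle'@'%'"

# audit_grants: SHOW GRANTS lines on stdin, one "account: finding" per issue.
audit_grants() {
  while IFS= read -r line; do
    case $line in "GRANT "*" ON "*" TO "*) ;; *) continue ;; esac
    privs=${line#GRANT }; privs=${privs%% ON *}   # privilege list
    scope=${line#* ON };  scope=${scope%% TO *}   # *.* or one database
    acct=${line#* TO };   acct=${acct%% *}        # 'user'@'host'
    host=${acct#*@}
    case $line in
      *"WITH GRANT OPTION"*) echo "$acct: can pass its privileges on to others" ;;
    esac
    # Password and host belong to the account, so judge them once, on the
    # global (*.*) line that every account has.
    [ "$scope" = '*.*' ] || continue
    if [ "$privs" = "ALL PRIVILEGES" ]; then
      echo "$acct: ALL PRIVILEGES on every database"
    fi
    case $line in
      *" IDENTIFIED "*) ;;
      *) echo "$acct: no password set" ;;
    esac
    if [ "$host" = "'%'" ]; then echo "$acct: may connect from any host"; fi
  done
}

# Demo on the constructed sample (prints ten findings).
printf '%s\n' "$SAMPLE_GRANTS" | audit_grants
```
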
Start Rancher

node1

    docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 rancher/server \
      --db-host 192.168.0.104 --db-port 23306 --db-user root --db-pass 20053140 --db-name cattle \
      --advertise-address 192.168.0.106

Open 192.168.0.106:8080 and enable access control.

node2

    docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 rancher/server \
      --db-host 192.168.0.104 --db-port 23306 --db-user root --db-pass 20053140 --db-name cattle \
      --advertise-address 192.168.0.107

node3

    docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 rancher/server \
      --db-host 192.168.0.104 --db-port 23306 --db-user root --db-pass 20053140 --db-name cattle \
      --advertise-address 192.168.0.108

Configure load balancing for Rancher by adding the following to haproxy.cfg:

    frontend http-in
        mode http
        bind *:28080
        #bind *:8080 ssl crt /etc/haproxy/certificate.pem
        default_backend rancher_servers
        # Add headers for SSL offloading
        #http-request set-header X-Forwarded-Proto https if { ssl_fc }
        #http-request set-header X-Forwarded-Ssl on if { ssl_fc }
        acl is_websocket hdr(Upgrade) -i WebSocket
        acl is_websocket hdr_beg(Host) -i ws
        use_backend rancher_servers if is_websocket

    backend rancher_servers
        mode http
        option httpchk HEAD /login HTTP/1.0
        server websrv106 192.168.0.106:8080 weight 1 maxconn 1024 check
        server websrv107 192.168.0.107:8080 weight 1 maxconn 1024 check
        server websrv108 192.168.0.108:8080 weight 1 maxconn 1024 check

Restart haproxy:

    docker run -d --restart=unless-stopped --name haproxy \
      -p 23306:23306 -p 8888:8888 -p 28080:28080 \
      -v /data/syncthing/dongxu/haproxy:/usr/local/etc/haproxy:ro \
      haproxy:1.7

Open 192.168.0.104:28080, add a host and a container, and test that Rancher works. Then deliberately kill a rancher server container, or shut down a machine, and check that the whole cluster stays healthy.