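Table of contents
- Project name: High-availability web cluster based on Docker Swarm
- Network topology diagram
- Data flow diagram
- Project environment: Docker 20.10.3, CentOS 8.2 (8 machines, 1 core / 1 GB each), Ansible 2.9.17, Keepalived, Nginx 1.19.7, NFS
- Project description:
- Project steps:
- 1. Plan and design the architecture and network topology of the whole cluster, install CentOS 8.2 on all 8 machines, deploy the Ansible server, and configure passwordless SSH between all machines;
- 2. Deploy Keepalived on the load balancers to provide a gateway for the internal network, so that the internal network can reach the external network;
- 3. Write the script that builds the Nginx container image (compiling Nginx from source), specifying parameters (e.g. the install path); commands such as netstat, vim, ping and ip are available inside the container;
- 4. Write the scripts that deploy Docker, the Docker image, Nginx, Keepalived and NFS, and write Ansible playbooks for batch deployment;
- 5. The front end uses Nginx for load balancing and Keepalived with dual VIPs for high availability; the back end uses Swarm for load balancing and high availability;
- 6. Use NFS to provide the same web data to all Docker nodes, for data consistency;
- 7. The back end uses Swarm to manage the whole Docker cluster: create 40 Nginx container replicas on the Swarm manager node and use a Volume (a directory mounted from the NFS server) to serve the web content, so that all containers use the same data;
- 8. Access testing and documentation.
- Project takeaways: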
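Personal blog
https://blog.csdn.net/cPen_web
Project name: High-availability web cluster based on Docker Swarm
Network topology diagram
Data flow diagram
Project environment: Docker 20.10.3, CentOS 8.2 (8 machines, 1 core / 1 GB each), Ansible 2.9.17, Keepalived, Nginx 1.19.7, NFS
Project description:
Implement a highly available, load-balanced web server cluster, with Ansible for automated operations. The back end is a Swarm-managed Docker cluster that serves the web content, making heavy use of containers for the scalability and high availability of the web service.
Project steps:
1. Plan and design the architecture and network topology of the whole cluster, install CentOS 8.2 on all 8 machines, deploy the Ansible server, and configure passwordless SSH between all machines;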
[root@ansible ~]# ssh-keygen -t ecdsa # generate the key pair
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.210 # loadbalancer-1
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.220 # loadbalancer-2
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.10 # NFS-Server
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.1 # Swarm manager1
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.2 # Swarm node2
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.3 # Swarm node3
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub 192.168.55.4 # Swarm node4
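Goal: allow the internal network to ping the external network
[root@loadbalancer-1 ~]# vim iptables_snat.sh
#!/bin/bash
# Stop and disable firewalld so it does not manage the rules set below
service firewalld stop
systemctl disable firewalld
# Enable IPv4 forwarding (runtime only; not persistent across reboots)
echo 1 >/proc/sys/net/ipv4/ip_forward
# Flush all existing rules in the filter and nat tables
iptables -F
iptables -F -t nat
# Rewrite the source of traffic from 192.168.55.0/24 leaving ens33 to 192.168.0.198
iptables -t nat -A POSTROUTING -s 192.168.55.0/24 -o ens33 -j SNAT --to-source 192.168.0.198
# Alternative: use the current address of the outgoing interface instead of a fixed one
#iptables -t nat -A POSTROUTING -s 192.168.55.0/24 -o ens33 -j MASQUERADE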
[root@loadbalancer-1 ~]# bash iptables_snat.sh
[root@loadbalancer-2 ~]# vim iptables_snat.sh
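#!/bin/bash
# Stop and disable firewalld so it does not manage the rules set below
service firewalld stop
systemctl disable firewalld
# Enable IPv4 forwarding (runtime only; not persistent across reboots)
echo 1 >/proc/sys/net/ipv4/ip_forward
# Flush all existing rules in the filter and nat tables
iptables -F
iptables -F -t nat
# Rewrite the source of traffic from 192.168.55.0/24 leaving ens33 to 192.168.0.199
iptables -t nat -A POSTROUTING -s 192.168.55.0/24 -o ens33 -j SNAT --to-source 192.168.0.199
# Alternative: use the current address of the outgoing interface instead of a fixed one
#iptables -t nat -A POSTROUTING -s 192.168.55.0/24 -o ens33 -j MASQUERADE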
[root@loadbalancer-2 ~]# bash iptables_snat.sh
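The iptables_snat.sh script above flushes every rule and leaves the FORWARD chain open, so the gateway forwards any packet it is handed. A narrower variant, as an added example that is not part of the original post: it validates its arguments and emits an iptables-restore ruleset in which FORWARD drops by default and only the internal subnet may go out. The function names and the sysctl.d file name are assumptions; the addresses and interface are the ones used on this page.

```shell
#!/bin/bash
# Added example, not from the original post. Addresses and interface are the
# page's; function names and the sysctl.d file name are assumptions.
valid_ipv4() {                       # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    local IFS=. n=0 o
    for o in $1; do
        n=$((n + 1))
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

valid_cidr() {                       # a.b.c.d/0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    local prefix="${1#*/}"
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

# iptables-restore ruleset: FORWARD drops by default, passing only LAN-sourced
# traffic leaving via the WAN interface and its replies; SNAT as on the page.
build_snat_ruleset() {
    local lan="$1" wan_if="$2" snat_ip="$3"
    valid_cidr "$lan" && valid_ipv4 "$snat_ip" || return 1
    case "$wan_if" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan -o $wan_if -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan -o $wan_if -j SNAT --to-source $snat_ip
COMMIT
EOF
}

if [ "${1:-}" = "--apply" ]; then    # run as root on loadbalancer-1
    echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/90-ip-forward.conf
    sysctl -q -p /etc/sysctl.d/90-ip-forward.conf
    build_snat_ruleset 192.168.55.0/24 ens33 192.168.0.198 | iptables-restore
fi
```

Run without arguments it changes nothing; `bash script --apply` loads both tables and persists forwarding. On loadbalancer-2 the third argument would be 192.168.0.199.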
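2. Deploy Keepalived on the load balancers to provide a gateway for the internal network, so that the internal network can reach the external network;
Goal: allow the internal network to ping the external network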
[root@loadbalancer-1 ~]# yum install keepalived -y
[root@loadbalancer-1 ~]# vim /etc/keepalived/keepalived.conf
[root@loadbalancer-1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_3 {
    state MASTER
    interface ens33
    virtual_router_id 201
    priority 110
    advert_int 1
    # PASS authentication travels in cleartext in every VRRP advertisement,
    # and keepalived uses only the first 8 characters of auth_pass
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    # Virtual IP that the internal network uses as its gateway
    virtual_ipaddress {
        192.168.55.254
    }
}
[root@loadbalancer-1 ~]# service keepalived restart
[root@loadbalancer-2 ~]# yum install keepalived -y
[root@loadbalancer-2 ~]# vim /etc/keepalived/keepalived.conf
[root@loadbalancer-2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc