Docker + keepalived 部署 Nginx 主从
实验环境dockerhost01 192.168.10.150
dockerhost02 192.168.10.151
vip 192.168.10.200
全新镜像,神马都没有,连sshd都没开,容我安装下
开启SSH
sudo apt-get install openssh-client openssh-server
sudo service ssh restart
安装docker
先卸载旧版本
sudo apt-get remove docker docker-engine docker.io
http://i2.运维网.com/images/blog/201810/12/a956ca31d9765a0f96dcc4e47a841df0.jpg
设置repo
sudo apt-get update
http://i2.运维网.com/images/blog/201810/12/ac437ccd7966f7300bc60cfa25e95368.jpg
允许package 使用repo over HTTPS
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
http://i2.运维网.com/images/blog/201810/12/85e0ca0529f7efc290943510802b25d2.jpg
添加GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
http://i2.运维网.com/images/blog/201810/12/aa25193c513388d2b8db8cf07d9c0a6f.jpg
验证下指纹
sudo apt-key fingerprint 0EBFCD88
http://i2.运维网.com/images/blog/201810/12/acaf10c7c51c54448aeebf06ef1824d0.jpg
在repo中只使用stable版本
sudo add-apt-repository \
"deb https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
开始安装最新版docker ce
sudo apt-get update
sudo apt-get install docker-ce
sudo docker run hello-world
http://i2.运维网.com/images/blog/201810/12/45e253be5251238116469289b65845d2.jpg
安装指定版本docker ce
apt-cache madison docker-ce
sudo apt-get install docker-ce=
http://i2.运维网.com/images/blog/201810/12/908c23d1ddb43ad8e5f296d34df52aaf.jpg
下载nginx 镜像
sudo docker pull nginx:1.7.6
mkdir -p /tmp/docker
sudo echo "This is nginx container running on 192.168.10.150static files:/tmp/docker/index.html" > /tmp/docker/index.html
sudo docker run --name nginx_m --restart=always -v /tmp/docker:/usr/share/nginx/html:ro -p 80:80 -d nginx:1.7.6
http://i2.运维网.com/images/blog/201810/12/bf1f41eb0a04370fa4b6f84a00c7a95d.jpg
sudo docker ps
http://i2.运维网.com/images/blog/201810/12/68428bcbdac8db16772ef802ba3fa9a3.jpg
宿主机器访问下,2台主机都正常启动nginx了
http://i2.运维网.com/images/blog/201810/12/6efb2ef67b6c118496d5934c5c06b370.jpg
http://i2.运维网.com/images/blog/201810/12/f8a53018c3370565d26c09ec2829ed00.jpg
安装keepalived
sudo apt-get update
sudo apt-get install -y libssl-dev openssl libpopt-dev
sudo apt-get install -y keepalived
sudo cp /usr/share/doc/keepalived/samples/keepalived.conf.sample /etc/keepalived/keepalived.conf
sudo vi /etc/keepalived/keepalived.conf
改这3个地方就好了
http://i2.运维网.com/images/blog/201810/12/ece47c7f6692896656e6e8ffc5df2c1e.png
host01 中出现了10.200的vip
http://i2.运维网.com/images/blog/201810/12/3e7933182d4c9c8d9ad45d8bbb7d0871.jpg
vip指向150,访问正常
http://i2.运维网.com/images/blog/201810/12/6886216b2b8a8ed59f751297da575c61.jpg
http://i2.运维网.com/images/blog/201810/12/39989e002973822572a60b218590ff9f.jpg
sudo service keepalived status -l
host02 从backup 变成了master
http://i2.运维网.com/images/blog/201810/12/3404975df0140593eea5d1294f5d6294.jpg
host01网卡停掉之后,vip跑到了host02上
http://i2.运维网.com/images/blog/201810/12/fdd23b14606c0c8823194eae7b82e4f1.jpg
访问192.168.10.200的主机,显示nginx跑在了10.151上
http://i2.运维网.com/images/blog/201810/12/967d534ae128eca4e2f16255e0afaac0.jpg
当然主从可以设置weight 和nopreempt来设置是否夺权重新选举
当两个节点上的业务服务都处于启动状态,如httpd,那么优先级变化会如下:
http://i2.运维网.com/images/blog/201810/12/e6a5abeb7d05030e880141e8a9f62df8.jpg
当master节点业务启动,backup节点业务为停止状态,如,haproxy(因为haproxy没有监听的地址是无法启动的,其实很多业务都是两个节点一启一停的)
http://i2.运维网.com/images/blog/201810/12/601f7776bbd853842c99f4c0f9c0fdac.jpg
从架构来看,docker+nginx主从并不能够提供负载冗余功能,因为始终后台只有一台,只能够提供高可用,这个与我当时想法有所出入,所以目测整个解决方案只适合轻量化访问,但是轻量化的访问又不值得搞这两台主机做主备,做单机么又怕单点故障,所以整个解决方案比较尴尬
至于实验,整个实验和之前keepalived+nginx的实验并没有太大区别,只是nginx跑在了docker上而已,docker的优势并没有发挥出来,新的架构容我三思
页:
[1]