Minio 高可用部署

Keepalived+Nginx 高可用搭建

安装主备 nginx

基础配置

# 1、设置时区
timedatectl set-timezone Asia/Shanghai
yum -y install ntpdate ntp
ntpdate cn.ntp.org.cn
systemctl restart ntpd && systemctl enable ntpd

# 2、关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

# 3、关闭selinux
sed -i "/^SELINUX/s/enforcing/disabled/" /etc/selinux/config
setenforce 0

安装 pcre

# 1、安装依赖
yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel

# 2、安装pcre
wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
tar zxvf pcre-8.35.tar.gz 
mv pcre-8.35 /usr/local/ 
cd /usr/local/pcre-8.35
./configure
make && make install
pcre-config --version

安装 nginx

# 1、安装之前，最好检查一下是否已经安装有nginx
find -name nginx  

# 2、如果系统已经安装了nginx，那么就先卸载
yum remove nginx  

# 3、从官网下载最新版的nginx
wget http://nginx.org/download/nginx-1.9.5.tar.gz  
tar -zxvf nginx-1.9.5.tar.gz  
mv nginx-1.9.5 /usr/local/
cd  /usr/local/nginx-1.9.5 

# 4、使用--prefix参数指定nginx安装的目录,make、make install安装
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/pcre-8.35
make && make install    

# 5、启动
cd /usr/local/nginx/sbin
./nginx    // 启动

加入开机自启动

cd /lib/systemd/system/

vi nginx.service
[Unit]
Description=nginx service
After=network.target 

[Service] 
Type=forking 
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true 

[Install] 
WantedBy=multi-user.target

主备分别安装 Keepalived

yum 安装

yum -y install keepalived
systemctl enable keepalived   # 加入开机启动

# 安装成功后keepalived配置文件地址在：/etc/keepalived/keepalived.conf

配置Nginx检查脚本

vim /usr/local/keeplived/check_list

#!/bin/sh

nginxpid=$(ps -C nginx --no-header|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginxpid -eq 0 ];then
    systemctl start nginx
    sleep 3
    #2.等待3秒后再次获取一次Nginx状态
    nginxpid=$(ps -C nginx --no-header|wc -l) 
    #3.再次进行判断, 如Nginx还不存活则停止Keepalived,让地址进行漂移,并退出脚本  
    if [ $nginxpid -eq 0 ];then
        systemctl stop keepalived
   fi
fi

keepalived 配置

# 在两台机器上安装keeplived并分别配置。master配置(/etc/keepalived/keepalived.conf)：

global_defs {
   router_id minio1 #hostname 
}
vrrp_script chk_nginx {
    script "/usr/local/keeplived/check_list" #检测nginx的脚本
    interval 2 #每2秒检测一次
    weight -20 #如果某一个nginx宕机 则权重减20
}
vrrp_instance VI_1 {
    state MASTER #状态 MASTER BACKUP
    interface ens33 #绑定的网卡
    virtual_router_id 51 #虚拟路由的ID号,两个节点设置必须一样
    mcast_src_ip 192.168.2.245 #本机的IP
    priority 100  # 优先级，谁大谁是Master
    advert_int 1
# 设置验证信息，两个节点必须一致
    authentication {
        auth_type PASS
        auth_pass 10086
    }
 # 虚拟IP，两个节点设置必须一样。
    virtual_ipaddress {
        192.168.2.250  # VIP
    }
# nginx存活状态检测脚本
    track_script {
       chk_nginx
    }
}

backup配置(/etc/keepalived/keepalived.conf)：

global_defs {
   router_id minio2  #hostname 
}
vrrp_script chk_nginx {
    script "/usr/local/keeplived/check_list" #检测nginx的脚本
    interval 2 #每2秒检测一次
    weight -20 #如果某一个nginx宕机 则权重减20
}
vrrp_instance VI_1 {
    state BACKUP #状态 MASTER BACKUP
    interface ens33 #绑定的网卡
    virtual_router_id 51
    mcast_src_ip 192.168.2.246
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 10086
    }
    virtual_ipaddress {
        192.168.2.250  # VIP
    }

    track_script {
       chk_nginx
    }
}

测试 Keepalived

# 两台服务器启动 keepalived
systemctl restart keepalived

ip a 

# 关掉 mino1 查看 minio2 的 vip 是否转移到此机器上

搭建分布式 Minio

格式化文件系统

　　分布式Minio可以让你将多块硬盘（甚至在不同的机器上）组成一个对象存储服务。由于硬盘分布在不同的节点上，分布式Minio避免了单点故障。分布式Minio的好处如下：
数据保护

　　分布式Minio采用 纠删码来防范多个节点宕机和位衰减bit rot。分布式Minio至少需要4个硬盘，使用分布式Minio自动引入了纠删码功能。
高可用

　　单机Minio服务存在单点故障，相反，如果是一个有N块硬盘的分布式Minio,只要有N/2硬盘在线，你的数据就是安全的。不过你需要至少有N/2+1个硬盘来创建新的对象。
例如，一个16节点的Minio集群，每个节点16块硬盘，就算8台服務器宕机，这个集群仍然是可读的，不过你需要9台服务器才能写数据。

　　注意，只要遵守分布式Minio的限制，你可以组合不同的节点和每个节点几块硬盘。比如，你可以使用2个节点，每个节点4块硬盘，也可以使用4个节点，每个节点两块硬盘，诸如此类。
一致性

　　Minio在分布式和单机模式下，所有读写操作都严格遵守read-after-write一致性模型

查看磁盘情况

将磁盘挂入虚拟机后需要先将磁盘格式化，并建立文件系统（本文将一块磁盘建立一个分区）

fdisk -l 

建立磁盘分区

1、步骤一  对磁盘进行分区
# fdisk /dev/sdb  （回车）
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x48d97cfd.

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

  2、步骤二  列出当前分区使用情况
Command (m for help): p

Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x48d97cfd

   Device Boot      Start         End      Blocks   Id  System

3、步骤三  添加磁盘分区
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 1 
// 起始扇区和Last扇区为区分磁盘分区大小的重要参数，如果需要将整个块作为一个分区使用默认值即可。如果需要精细化定制则计算分区大小。
First sector (2048-41943039, default 2048): 
Using default value 2048
// last扇区值可以使用：+扇区 的格式，例如：+2G 表示分配2G的分区
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): 
Using default value 41943039
Partition 1 of type Linux and of size 20 GiB is set

4、步骤四   保存/退出分区
// 参数w为保持当前分区，q为取消退出分区
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

建立文件系统

1、步骤一  格式化（注意，分区格式化会造成数据丢失，一定要保障分区名称的正确性。）
mkfs.ext4 /dev/sdb1

2、步骤二  mount进行目录挂载
// 将创建的分区挂载到一个新的目录
mkdir /mnt/sdb1
// 将/dev/sdb1分区挂载到目录：/mnt/sdb1
mount /dev/sdb1 /mnt/sdb1
// 使用mount命令查看挂载情况
mount
/dev/sdb1 on /mnt/sdb1 type ext4 (rw,relatime,seclabel,data=ordered)
// 使用df命令查看磁盘使用情况
df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/sda1                485M  143M  343M  30% /boot
/dev/sdb1                 20G   45M   19G   1% /mnt/sdb1

3、步骤三  fstab进行永久挂载
// 通过mount挂载的目录是保存在内存中的，重启之后就不会生效了，所以要通过修改：/etc/fstab 配置文件进行永久挂载。
# vi  /etc/fstab
/dev/sdb1  /mnt/sdb1  ext4  defaults  0  0
// 说明：配置文件参数格式：[分区名称] [挂载目录名] [文件系统类型] [权限] [磁盘配额] [磁盘配额]

完成对sdb文件块格式化分区后，按照上述流程完成对sbc和另外一台服务器的分区格式化，然后两台服务器分区如下：

ls -l /dev/sd?
ls -l /dev/sd??

创建Minio实现分布式

　完成磁盘格式化分区后就可以创建分布式Minio了，创建之前需要注意以下几点：

1. 分布式Minio里所有的节点需要有同样的access秘钥和secret秘钥，这样这些节点才能建立联接。为了实现这个，你需要在执行minio server命令之前，先将access秘钥和secret秘钥export成环境变量。
2. 分布式Minio使用的磁盘里必须是干净的，里面没有数据。
3. 分布式Minio里的节点时间差不能超过3秒，你可以使用NTP 来保证时间一致。

# 1、分别在两台服务器下载Minio
wget https://dl.min.io/server/minio/release/linux-amd64/minio.RELEASE.2022-10-05T14-58-27Z

# 2、设置权限
chmod 755 minio
mv minio /usr/bin/

# 3、创建目录,编写启动脚本
mkdir /usr/local/minio -p
vim /usr/local/minio/run.sh
#!/bin/bash
export MINIO_ACCESS_KEY=admin
export MINIO_SECRET_KEY=Test123!

minio server --config-dir /usr/local/minio/conf \
http://192.168.2.245/mnt/sdb1 \
http://192.168.2.246/mnt/sdb1 
# 不加端口号默认 9000

# 4、编写启动服务
vi /usr/lib/systemd/system/minio.service
[Unit]
Description=Minio service
Documentation=https://docs.minio.io/

[Service]
WorkingDirectory=/usr/local/minio
ExecStart=/usr/local/minio/run.sh

Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# 5、启动Minio
chmod +x /usr/local/minio/run.sh
systemctl start minio
systemctl status minio

6、加入开启启动
systemctl enable minio

修改Nginx配置文件实现负载均衡

# 修改nginx配置文件
vi /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    access_log  logs/access.log;
    sendfile        on;
    keepalive_timeout  65;
    #gzip  on;

    upstream minioserver {
        server 192.168.2.245:9000;
        server 192.168.2.246:9000;
    }

    server {
        listen       80;
        server_name  localhost;
        #access_log  logs/host.access.log  main;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_connect_timeout 300;
            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;
            proxy_pass http://minioserver;
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

# 2、重启nginx
systemctl restart nginx

在两台 Minio 服务器修改配置并重启之后，就可以使用 VIP 进行访问了：

http://192.168.2.250/minio/login

账号为配置的：admin 密码：Test123!

容器快速部署

version: "3.7"
services:
  minio:
    image: "quay.io/minio/minio:RELEASE.2022-08-02T23-59-16Z"
    ports:
      - "9000:9000"
      - "9001:9001"
    volumes:
      - "./minio/data1:/data1"
      - "./minio/data2:/data2"
      - "./minio/data3:/data3"
      - "./minio/data4:/data4"
    command: server --console-address ":9001" http://192.168.2.231:9000/data{1...4} http://192.168.2.232:9000/data{1...4} http://192.168.2.233:9000/data{1...4} http://192.168.2.234:9000/data{1...4}
    environment:
      - MINIO_ROOT_USER=admin
      - MINIO_ROOT_PASSWORD=Test123!
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3

部署负载均衡服务nginx

version: '3.7'
services:
  nginx:
    image: nginx:1.19.2-alpine
    hostname: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    ports:
      - "9000:9000"
      - "9001:9001"

nginx配置文件

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  4096;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;

    # include /etc/nginx/conf.d/*.conf;

    upstream minio {
        server 192.168.2.231:9000;
        server 192.168.2.232:9000;
        server 192.168.2.233:9000;
        server 192.168.2.234:9000;
    }
 
   upstream console {
        ip_hash;
        server 192.168.2.231:9001;
        server 192.168.2.232:9001;
        server 192.168.2.233:9001;
        server 192.168.2.234:9001;
    }

    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        proxy_request_buffering off;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_connect_timeout 300;
            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;
            proxy_pass http://minio;
        }
    }

    server {
        listen       9001;
        listen  [::]:9001;
        server_name  localhost;
        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        proxy_request_buffering off;
        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;
            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;
            proxy_connect_timeout 300;
            
            # To support websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            
            chunked_transfer_encoding off;
            proxy_pass http://console;
        }
    }
}