rancher-server容器HA部署

目标：

部署rancher-server容器haproxy（单节点部署）

准备：

mairadb
haproxy
docker.io/rancher/server容器

过程：

创建server服务高可用集群：

[root@server ~]# docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 docker.io/ranche r/server:latest --db-host 192.168.1.102 --db-port 3306 --db-user cattle --db-pass cattle --db-name cattle --adv ertise-address 192.168.1.102
[root@server ~]# docker run -d --restart=unless-stopped -p 8081:8080 -p 9346:9345 docker.io/rancher/server:latest --db-host 192.168.1.102 --db-port 3306 --db-user cattle --db-pass cattle --db-name cattle --advertise-address 192.168.1.102 --advertise-http-port 8081

重命名容器：

[root@server ~]# docker rename brave_poitras server0
[root@server ~]# docker rename compassionate_shannon server1
[root@server ~]# docker ps -a
CONTAINER ID        IMAGE                             COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
5930b51da390        docker.io/rancher/server:latest   "/usr/bin/entry --..."   4 minutes ago       Up 38 seconds       3306/tcp, 0.0.0.0:8081->8080/tcp, 0.0.0.0:9346->9345/tcp   server1
ec43c986dca7        docker.io/rancher/server:latest   "/usr/bin/entry --..."   12 minutes ago      Up 12 minutes       0.0.0.0:8080->8080/tcp, 3306/tcp, 0.0.0.0:9345->9345/tcp   server0

访问容器：

访问server:8080或者8081端口（看到的是相同的内容）

server.JPG

安装haproxy服务：

[root@server ~]# yum -y install haproxy

配置文件为：

[root@server ~]# cat /etc/haproxy/haproxy.cfg                                                                  
global
  maxconn 4096
  ssl-server-verify none

defaults
  mode http
  balance roundrobin
  option redispatch
  option forwardfor

 timeout connect 5s
  timeout queue 5s
  timeout client 36000s
  timeout server 36000s

frontend http-in
  mode tcp
  #bind *:443 ssl crt /etc/haproxy/certificate.pem
  bind *:80 
#监听的端口,就是haproxy的端口
  default_backend rancher_servers

 acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws
  use_backend rancher_servers if is_websocket

backend rancher_servers
  server websrv1 192.168.1.102:8080 weight 1 maxconn 1024
  server websrv2 192.168.1.102:8081 weight 1 maxconn 1024

启动haproxy服务：
好像有警告，没关系先不管

[root@server ~]# haproxy -f /etc/haproxy/haproxy.cfg
[WARNING] 168/055051 (32989) : config : 'option forwardfor' ignored for frontend 'http-in' as it requires HTTP mode.

访问haproxy服务：
地址为server:80,访问到的是rancher-server服务

haproxy80.JPG

测试haproxy效果：

当高可用集群中至少有一个节点还在运行，服务就不会停止。
可以分别关掉一个和最后一个服务后，查看效果。

当关闭最后一个服务时，再次访问80端口就会有一下提示：

[root@server ~]# curl server:80
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>

过程中遇到的问题：

[root@server ~]# docker run -d --restart=unless-stopped -p 8080:8080 rancher/server
6c60e9070c1db870a460474d9d272f3008c74b2508864a42215935f40ec69766
/usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint loving_davinci (df72d5fbab68e843477ad9e22c24d546a06b71d422c7232c6e99a12fb5dd9168):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8080 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0: iptables: No chain/target/match by that name.
 (exit status 1)).
[root@server ~]# docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 docker.io/rancher/server:late
st --db-host 192.168.1.102 --db-port 3306 --db-user cattle --db-pass cattle --db-name cattle --advertise-addres
s 192.168.1.102
b87ac83f63ed87772f7da779832ea16f2b767e1fdf2eca7793443afe87b57d13
/usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint confident_davinci (284fa92ff1667122cbeb98ef23ad3123c2270f587b7e412f5e143a757a29f056):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 9345 -j DNAT --to-destination 172.17.0.2:9345 ! -i docker0: iptables: No chain/target/match by that name.
 (exit status 1)).
[root@server ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:0a:0c:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.102/24 brd 192.168.1.255 scope global dynamic eno16777728
       valid_lft 5967sec preferred_lft 5967sec
    inet6 fe80::20c:29ff:fe0a:c9e/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:78:46:9c:0d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever

原因：
docker0设备状态为DOWN。
解决方法：
重启docker服务或者手动启动设备docker0。