minio集群搭建
[TOC]
搭建minio集群
- 机器规划清单
| IP地址 | 角色 | minio端口 | web端口 | 操作系统 | 数据目录 |
|---|---|---|---|---|---|
| 10.30.3.231 | 节点1 | 9000 | 9100 | CentOS 7.9 x64 | /data/minio_9000 |
| 10.30.3.232 | 节点2 | 9000 | 9100 | CentOS 7.9 x64 | /data/minio_9000 |
| 10.30.3.233 | 节点3 | 9000 | 9100 | CentOS 7.9 x64 | /data/minio_9000 |
| 10.30.3.234 | 节点4 | 9000 | 9100 | CentOS 7.9 x64 | /data/minio_9000 |
注:Minio官方建议生产环境最少4个节点,而且这N个节点,至少有N/2个节点才能保证可读,至少有N/2+1个节点才能保证可写。比如,一个8节点的Minio集群,每个节点一块盘,即便4个节点同时宕机,这个集群仍然是可读的,不过需要5个节点才能写数据。
1.通用配置
- 1.1.所有节点:初始化工作,一定要配置时间同步,否则启动Minio会报错
#.1.配置dns并安装基础软件
sed -i 's/^nameserver.*/nameserver 223.5.5.5/g' /etc/resolv.conf
cat /etc/resolv.conf | grep "^nameserver" > /dev/null || echo "nameserver 223.5.5.5" > /etc/resolv.conf
yum install -y -q curl wget ntp ntpdate lrzsz telnet zip unzip net-tools
#.2.修改时区并同步时间
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate -u ntp.aliyun.com
#.3.建议禁用firewalld否则重启后需要iptable -F清除防火墙策略
/usr/sbin/iptables -F
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service
#.4.建议关闭selinux否则会限制服务
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
- 1.2.所有节点:挂载第2块硬盘并格式化(新版 minio 强制要求 集群部署必须使用挂载非 root 盘的目录),示例
/dev/sdb挂载到/mnt
mkfs.ext4 /dev/sdb
mkdir /mnt
mount -o noatime /dev/sdb /mnt
echo "/dev/sdb /data ext4 rw,noatime,data=ordered 0 0" >> /etc/fstab
cat /etc/fstab
df -Th | grep mnt
2.搭建minio集群
- 2.1.所有节点:下载 minio 2023-06-29
mkdir -p /mnt/minio_9000/{data,logs}
curl -L http://iso.sqlfans.cn/linux/minio.2023-06-29 -o /mnt/minio_9000/minio
chmod +x /mnt/minio_9000/minio
- 2.2.所有节点:配置启停脚本,示例节点
10.30.3.231、10.30.3.232、10.30.3.233、10.30.3.234
cat >/mnt/minio_9000/start.sh<<EOF
#!/bin/bash
export MINIO_ROOT_USER=minioadmin
export MINIO_ROOT_PASSWORD=minioadmin
pid=\$(ps -ef | grep minio | grep -v grep | wc -l)
if [ \$pid -eq 1 ]; then ps -ef | grep minio | grep -v grep | awk '{print \$2}' | xargs kill -9 2> /dev/null; fi
nohup /mnt/minio_9000/minio server http://10.30.3.231:9000/mnt/minio_9000/data http://10.30.3.232:9000/mnt/minio_9000/data http://10.30.3.233:9000/mnt/minio_9000/data http://10.30.3.234:9000/mnt/minio_9000/data --console-address=":9100" >/mnt/minio_9000/logs/minio.log 2>&1 &
EOF
chmod +x /mnt/minio_9000/start.sh
cat /mnt/minio_9000/start.sh | awk 'BEGIN{ RS=" "; } { print $1 }' | grep http
附:单节点请参考
./minio server /mnt/minio_9000/data --console-address=":9100"
- 2.3.所有节点:启动minio(9000即刻监听,而9100待所有节点启动后才被监听)
sh /mnt/minio_9000/start.sh
netstat -lnpt | grep minio
#.以appadmin用户启动
# groupadd appadmin
# useradd appadmin -g appadmin -d /home/appadmin -s /bin/bash
# echo 'Admin_147' | passwd appadmin --stdin
# cat /etc/sudoers | grep appadmin || echo "appadmin ALL=NOPASSWD:ALL" >> /etc/sudoers
# chown -R appadmin.appadmin /mnt/minio_9000
# su - appadmin -c "sh /mnt/minio_9000/start.sh" > /dev/null
- 2.4.所有节点:添加到开机启动
cat /etc/rc.local | grep minio || echo "sh /mnt/minio_9000/start.sh" >> /etc/rc.local
- 2.5.任意节点:登录 minio 页面控制台,示例
http://10.30.3.231:9100
地址:http://10.30.3.231:9100
账号:minioadmin
密码:minioadmin
3.灾难演练 - 模拟主机房故障
3.1.主机房:假设节点1、节点2在主机房,而节点3、节点4在备用机房。将节点1的的minio进程杀掉,此时minio集群可读、可写
3.2.主机房:将节点1和节点2的minio进程同时杀掉,模拟主机房故障或模拟N/2个节点同时故障
[root@10-30-3-231 ~]# ps -ef | grep minio | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
[root@10-30-3-232 ~]# ps -ef | grep minio | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
- 3.3.备用机房:登录节点3或节点4的minio控制台,确认此时minio能看到bucket、但bucket为空、也不能写,与预测的(可读不可写)不太一样。
遇到的问题
场景1:如何彻底卸载minio
cd /opt/
ps -ef | grep minio | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
rm -rf /mnt/minio*
sed -i '/minio/d' /etc/rc.local
场景2:启动minio报错 Error: Drive xxx is part of root drive
- 症状:2023.08.21,搭建4节点的minio集群,启动 minio 报错
Error: Drive xxx is part of root drive, will not be used (*errors.errorString),最后提示ERROR Unable to initialize backend: drive not found
[root@localhost ~]# ./minio server http://10.30.3.231:9000/data/minio_9000/data http://10.30.3.232:9000/data/minio_9000/data http://10.30.3.233:9000/data/minio_9000/data http://10.30.3.234:9000/data/minio_9000/data --console-address=":9100"
API: SYSTEM()
Time: 05:37:48 UTC 08/21/2023
Error: Drive `http://10.30.3.233:9000/data/minio_9000/data` is part of root drive, will not be used (*errors.errorString)
8: internal/logger/logger.go:258:logger.LogIf()
7: cmd/erasure-sets.go:1050:cmd.markRootDisksAsDown()
6: cmd/format-erasure.go:785:cmd.initFormatErasure()
5: cmd/prepare-storage.go:215:cmd.connectLoadInitFormats()
4: cmd/prepare-storage.go:304:cmd.waitForFormatErasure()
3: cmd/erasure-server-pool.go:103:cmd.newErasureServerPools()
2: cmd/server-main.go:860:cmd.newObjectLayer()
1: cmd/server-main.go:627:cmd.serverMain()
ERROR Unable to initialize backend: drive not found
- 原因:新版 minio 强制要求 集群部署必须使用挂载非 root 盘的目录
- 解决:挂载一块新的磁盘以供minio集群使用,示例
/dev/sdb挂载到/mnt
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 4.4G 0 rom
sda 8:0 0 40G 0 disk
├─sda2 8:2 0 39G 0 part
│ ├─centos-swap 253:1 0 3.9G 0 lvm [SWAP]
│ └─centos-root 253:0 0 35.1G 0 lvm /
└─sda1 8:1 0 1G 0 part /boot
sdb 8:16 0 20G 0 disk /mnt #.看这里
场景3:利用nginx配置minio集群的负载均衡
- 将如下内容保存为
minio.conf,并放到./conf.d/目录下面,然后nginx -s reload即可
upstream minio {
server 10.30.3.231:9000;
server 10.30.3.232:9000;
server 10.30.3.233:9000;
server 10.30.3.234:9000;
}
server {
listen 9000;
server_name minio.example.com;
client_max_body_size 0;
proxy_buffering off;
ignore_invalid_headers off;
location / {
proxy_pass http://minio;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
}
}
场景4:nacos如何配置minio
- 如果minio为单节点,那么在nacos配置的时候,直接使用minio的ip和端口
#minio配置
minio.endPoint=http://10.30.3.231:9000
minio.accessKey=minioadmin
minio.secretKey=minioadmin
minio.bucketName={your-bucket-name}
minio.expireTime=72
- 如果用nginx配置minio集群为负载均衡,那么可将nginx的ip和监听端口视为单节点的minio的ip和端口