MODOP – Partie 5 – Installation « LoadBalancer » Cluster Réplicas

Aucun commentaire

Constitution du Cluster

  • node-minio-n01
  • node-minio-n02

Spécification des 2 nodes HA minIO

  • IP : 10.10.0.54 à 10.10.55
  • IP virtuelle : 10.100.56
  • DNS VIP : replicas-minio.house.cpb
  • vCPU : 2
  • RAM : 2Go
  • Disque : 8Go (Système)
  • OS : RockyLinux 8

1. Installation des prérequis (2 nodes)

Mise à jour

[root@node-minio-n0x ~]# dnf -y update

Installation des middlewares

[root@node-minio-n0x ~]# dnf install dnf-utils epel-release net-tools nmap curl wget tar –y

Désactiver SELinux

[root@node-minio-n0x ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@node-minio-n0x ~]# setenforce 0

Synchroniser DateTime sur le fuseau de PARIS

[root@node-minio-n0x ~]# timedatectl set-timezone Europe/Paris

Intégration des Hosts au DNS

[root@node-minio-n01 ~]# for i in {1..2} ; do nslookup node-minio-n0${i} ; done

[root@node-minio-n01 ~]# nslookup replicas-minio.house.cpb

Règle de Firewall

[root@node-minio-n0x ~]# firewall-cmd --remove-service={dhcpv6-client,cockpit} --permanent && firewall-cmd --reload
[root@node-minio-n0x ~]# firewall-cmd --add-port={9000,9001}/tcp --permanent && firewall-cmd --reload

2. Installation du « heartbeat » keepAlive (2 nodes)

Installation des binaires

[root@node-minio-n0x ~]# dnf install keepalived ipvsadm –y

Chargement du module ip_vs

[root@node-minio-h01 ~]# modprobe ip_vs
[root@node-minio-h01 ~]# lsmod |grep ip_vs

Configuration KeepAlive

[root@node-minio-n0x ~]# mv /etc/keepalived/keepalived.conf{,-old}

Node-minio-h01

[root@node-minio-n01 ~]# vi /etc/keepalived/keepalived.conf

! /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
 notification_email {
 chris@house.cpb
 }
 notification_email_from chris@house.cpb
 smtp_server localhost
 smtp_connect_timeout 30
 }

vrrp_instance VI_1 {
 state MASTER
 interface ens18
 virtual_router_id 100
 priority 200
 authentication {
  auth_type PASS
  auth_pass replicas@2024
 }

 virtual_ipaddress {
10.10.0.56/16 dev ens18
 }
}

Node-minio-h02

[root@node-minio-n02 ~]# vi /etc/keepalived/keepalived.conf

! /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
chris@house.cpb
}
 notification_email_from chris@house.cpb
 smtp_server localhost
 smtp_connect_timeout 30
}

vrrp_instance VI_1 {
 state BACKUP
 interface ens18
 virtual_router_id 100
 priority 199
authentication {
 auth_type PASS
 auth_pass replicas@2024
}

virtual_ipaddress {
10.10.0.56/16 dev ens18
 }
}

Ajout prérequis keepalived

[root@node-minio-n0x ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@node-minio-n0x ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1

Ajout règles Firewall « vrrp »

[root@node-minio-n0x ~]# firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent --zone=public
[root@node-minio-n0x ~]# firewall-cmd --reload

Lancement du service

Node-minio-h01

[root@node-minio-n01 ~]# systemctl start --now keepalived
[root@node-minio-n01 ~]# systemctl enable keepalived
[root@node-minio-n01 ~]# systemctl status keepalived

[root@node-minio-n01 ~]# ip a show ens18

Node-minio-h02

[root@node-minio-n02 ~]# systemctl start --now keepalived
[root@node-minio-n02 ~]# systemctl enable keepalived
[root@node-minio-n02 ~]# systemctl status keepalived

[root@node-minio-h02 ~]# ip a show ens18

Check « HeartBeat »

Désactivons le master « node-minio-n01 » portant la VIP via la priorité la plus haute.

[root@node-minio-n01 ~]# systemctl stop keepalived
[root@node-minio-n01 ~]# ip a show ens18

[root@node-minio-h02 ~]# ip a show ens18

3. Installation Loadbalancer via « nginx » (2 nodes)

Installation des binaires

[root@node-minio-n0x ~]# dnf install nginx -y

Configuration nginx « loadbalancer »

[root@node-minio-n0x ~]# mv /etc/nginx/nginx.conf{,-old}

Node-minio-n01 et Node-minio-n02

[root@node-minio-n0x ~]# vi /etc/nginx/nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
 worker_connections 1024;
}

http {
 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" "$http_x_forwarded_for"';
 access_log /var/log/nginx/access.log main;
 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
 keepalive_timeout 65;
 types_hash_max_size 2048;
 include /etc/nginx/mime.types;
 default_type application/octet-stream;

### Serveur MinIO
 upstream api_minio {
 least_conn;
 server node-minio-r01.house.cpb:9000;
 server node-minio-r02.house.cpb:9000;
 server node-minio-r02.house.cpb:9000;
 }

 upstream replicas_minio {
 least_conn;
 server node-minio-r01.house.cpb:9001;
 server node-minio-r02.house.cpb:9001;
 server node-minio-r03.house.cpb:9001;
 }

 server {
 listen 80 default_server;
 server_name replicas-minio.house.cpb;

 ## Préconisation Minio
 ignore_invalid_headers off;
 client_max_body_size 0;
 proxy_buffering off;
 proxy_request_buffering off;

 location / {
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_connect_timeout 300;
 proxy_http_version 1.1;
 proxy_set_header Connection "";
 chunked_transfer_encoding off;
 proxy_pass http://api_minio;
 }

location /minio/ui/ {
 rewrite ^/minio/ui/(.*) /\ break;
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-NginX-Proxy true;

 # This is necessary to pass the correct IP to be hashed
 real_ip_header X-Real-IP;
 proxy_connect_timeout 300;

 # To support websockets in MinIO versions released after January 2023
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 chunked_transfer_encoding off;
 proxy_pass http://replicas_minio

 }
 }
}

Modification du fichier « /etc/default/minio » sur les 3 nœuds node-minio-r0x

[root@node-minio-r0x ~]# vi /etc/default/minio

# Variable spécifiant les hosts et les volumes par hosts
MINIO_VOLUMES="http://node-minio-r0{1...3}.house.cpb:9000/minio/replicat_0{1...4}"

#Paramètre du port de la console
MINIO_OPTS="--console-address :9001"

#Credentials
MINIO_ROOT_USER=replicatadmin
MINIO_ROOT_PASSWORD=replicatadmin

#Adresse VIP du LoadBalancer
MINIO_SERVER_URL=http://replicas-minio.house.cpb
MINIO_BROWSER_REDIRECT_URL=http://replicas-minio.house.cpb/minio/ui 
[root@node-minio-r01 ~]# systemctl restart minio.service
[root@node-minio-r02 ~]# systemctl restart minio.service
[root@node-minio-r03 ~]# systemctl restart minio.service

Lancement du service « nginx »

Node-minio-n01

[root@node-minio-n01 ~]# systemctl start nginx
[root@node-minio-h01 ~]# systemctl enable nginx
[root@node-minio-h01 ~]# systemctl status nginx

[root@node-minio-n01 ~]# netstat -antp

Node-minio-n02

[root@node-minio-n02 ~]# systemctl start nginx
[root@node-minio-n02 ~]# systemctl enable nginx
[root@node-minio-n02 ~]# systemctl status nginx

[root@node-minio-n02 ~]# netstat -antp

Connexion cluster replicas minIO via Nginx LB

  • http://replicas-minio.house.cpb

Views: 0

Étiquettes

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *