云原生|对象存储|minio分布式集群的搭建和初步使用(可用于生产)

前言:

minio作为轻量级的对象存储服务安装还是比较简单的,但分布式集群可以大大提高存储的安全性,可靠性。分布式集群是在单实例的基础上扩展而来的

minio的分布式集群有如下要求:

  • 所有运行分布式 MinIO 的节点需要具有相同的访问密钥和秘密密钥才能连接。建议在执行 MINIO 服务器命令之前,将访问密钥作为环境变量,MINIO access key 和 MINIO secret key 导出到所有节点上 。
  • Minio 创建4到16个驱动器的擦除编码集。
  • Minio 选择最大的 EC 集大小,该集大小除以给定的驱动器总数。 例如,8个驱动器将用作一个大小为8的 EC 集,而不是两个大小为4的 EC 集 。
  • 建议所有运行分布式 MinIO 设置的节点都是同构的,即相同的操作系统、相同数量的磁盘和相同的网络互连 。
  • 运行分布式 MinIO 实例的服务器时间差不应超过15分钟。

单实例部署可以见我原来写的博文:Linux|minio对象存储服务的部署和初步使用总结_linux部署minio-CSDN博客

首先,minio的安装部署方式很多,可以使用docker,二进制,rpm 亦或者集成部署在kubernetes内,综合各种部署方式的优劣,本文选择rpm安装部署,该方式其实和二进制没什么太大区别,但足够简单,省去了很多麻烦。

其次就是minio的drive问题,minio要求ta使用的存储空间也就是drive必须是一个空的,单独挂载的磁盘,那么,有时候根据我们的使用目的,比如,我仅仅需要velero这个工具通过minio来存储kubernetes的备份文件,那么,对存储空间的要求就没有那么高了,因此,本文采用的是虚拟磁盘的挂载技术

最后,就是minio的console-address的问题,每一个minio单实例都集成有console,也就是web控制台,该控制台配置文件里不显式写也会启动,但端口是随机的,如果你需要更安全,那么,建议不写console,让ta自动分配随机端口,需要使用console的时候,通过日志来查询后使用

本次实践是使用的VMware虚拟机,VMware虚拟机服务器总计四台,IP分别是192.168.123.11,192.168.123.12,192.168.123.13,192.168.123.14,操作系统是centos-7.7,minio的版本为minio-20230413030807.0.0.x86_64

一,

minio集群的环境初始化

这些都是老生常谈的问题,就不在此详细说明了,防火墙关闭,selinux关闭,时间服务器,本集群无需内部域名映射

内核优化(每个节点都执行):

bash 复制代码
cat > /etc/sysctl.d/minio.conf <<EOF
# maximum number of open files/file descriptors
fs.file-max = 4194303
# use as little swap space as possible
vm.swappiness = 1
# prioritize application RAM against disk/swap cache
vm.vfs_cache_pressure = 50
# minimum free memory
vm.min_free_kbytes = 1000000
# follow mellanox best practices https://community.mellanox.com/s/article/linux-sysctl-tuning
# the following changes are recommended for improving IPv4 traffic performance by Mellanox
# disable the TCP timestamps option for better CPU utilization
net.ipv4.tcp_timestamps = 0
# enable the TCP selective acks option for better throughput
net.ipv4.tcp_sack = 1
# increase the maximum length of processor input queues
net.core.netdev_max_backlog = 250000
# increase the TCP maximum and default buffer sizes using setsockopt()
net.core.rmem_max = 4194304
net.core.wmem_max = 4194304
net.core.rmem_default = 4194304
net.core.wmem_default = 4194304
net.core.optmem_max = 4194304
# increase memory thresholds to prevent packet dropping:
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
# enable low latency mode for TCP:
net.ipv4.tcp_low_latency = 1
# the following variable is used to tell the kernel how much of the socket buffer
# space should be used for TCP window size, and how much to save for an application
# buffer. A value of 1 means the socket buffer will be divided evenly between.
# TCP windows size and application.
net.ipv4.tcp_adv_win_scale = 1
# maximum number of incoming connections
net.core.somaxconn = 65535
# maximum number of packets queued
net.core.netdev_max_backlog = 10000
# queue length of completely established sockets waiting for accept
net.ipv4.tcp_max_syn_backlog = 4096
# time to wait (seconds) for FIN packet
net.ipv4.tcp_fin_timeout = 15
# disable icmp send redirects
net.ipv4.conf.all.send_redirects = 0
# disable icmp accept redirect
net.ipv4.conf.all.accept_redirects = 0
# drop packets with LSR or SSR
net.ipv4.conf.all.accept_source_route = 0
# MTU discovery, only enable when ICMP blackhole detected
net.ipv4.tcp_mtu_probing = 1
EOF
sysctl -p /etc/sysctl.d/minio.conf
# `Transparent Hugepage Support`*: This is a Linux kernel feature intended to improve
# performance by making more efficient use of processor's memory-mapping hardware.
# But this may cause https://blogs.oracle.com/linux/performance-issues-with-transparent-huge-pages-thp
# for non-optimized applications. As most Linux distributions set it to `enabled=always` by default,
# we recommend changing this to `enabled=madvise`. This will allow applications optimized
# for transparent hugepages to obtain the performance benefits, while preventing the
# associated problems otherwise. Also, set `transparent_hugepage=madvise` on your kernel
# command line (e.g. in /etc/default/grub) to persistently set this value.
echo "Enabling THP madvise"
echo madvise | sudo tee /sys/kernel/mm/transparent_hugepage/enabled

二,

minio集群的drive创建

每个节点都执行,这里是每个虚拟磁盘1G,分别挂载到/data1目录下的,如果是生产环境,建议 vim /etc/fstab 固化挂载

使用的普通用户minio-user 设置不可登陆,并赋予相关目录该用户的属组

bash 复制代码
mkdir -p /data1/minio{1..4}
groupadd -r minio-user
useradd -M -r -g minio-user minio-user

chown -Rf minio-user. /data1/


dd if=/dev/zero of=/media/testfile1 bs=200M count=5
dd if=/dev/zero of=/media/testfile2 bs=200M count=5
dd if=/dev/zero of=/media/testfile3 bs=200M count=5
dd if=/dev/zero of=/media/testfile4 bs=200M count=5
mkfs.xfs /media/testfile1
mkfs.xfs /media/testfile2
mkfs.xfs /media/testfile3
mkfs.xfs /media/testfile4

mount -t xfs /media/testfile1 /data1/minio1/
mount -t xfs /media/testfile2 /data1/minio2/
mount -t xfs /media/testfile3 /data1/minio3/
mount -t xfs /media/testfile4 /data1/minio4/

固化挂载:

bash 复制代码
tail -f /etc/fstab


/media/testfile1  /data1/minio1/  xfs defaults 0 0 
/media/testfile2  /data1/minio2/  xfs defaults 0 0 
/media/testfile3  /data1/minio3/  xfs defaults 0 0 
/media/testfile4  /data1/minio4/  xfs defaults 0 0 
bash 复制代码
[root@node1 ~]# df -ah
Filesystem               Size  Used Avail Use% Mounted on
sysfs                       0     0     0    - /sys
proc                        0     0     0    - /proc
devtmpfs                 2.0G     0  2.0G   0% /dev
securityfs                  0     0     0    - /sys/kernel/security
tmpfs                    2.0G   52K  2.0G   1% /dev/shm
devpts                      0     0     0    - /dev/pts
tmpfs                    2.0G   68M  1.9G   4% /run
tmpfs                    2.0G     0  2.0G   0% /sys/fs/cgroup
。。。。略略略。。。
/dev/loop0               997M   99M  899M  10% /data1/minio1
/dev/loop1               997M   99M  899M  10% /data1/minio2
/dev/loop2               997M   99M  899M  10% /data1/minio3
/dev/loop3               997M   99M  899M  10% /data1/minio4

三,

正式安装部署minio

每个节点都执行:

bash 复制代码
rpm -ivh minio-20230413030807.0.0.x86_64.rpm

安装完毕后,查看minio的启动脚本:

bash 复制代码
[root@node1 ~]# cat /etc/systemd/system/minio.service 
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local

User=minio-user
Group=minio-user
ProtectProc=invisible

EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=1048576

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})

观察该脚本,发现用户这方面我们已经设置好了,前面创建了用户,现在是两个关键变量$MINIO_OPTS $MINIO_VOLUMES 以及存放变量的文件/etc/default/minio

可以看到,刚安装完毕是没有这个文件的,需要我们自己创建(每个节点都一样的):

bash 复制代码
cat >/etc/default/minio <<EOF
# Set the hosts and volumes MinIO uses at startup
# The command uses MinIO expansion notation {x...y} to denote a
# sequential series.
#
# The following example covers four MinIO hosts
# with 4 drives each at the specified hostname and drive locations.
# The command includes the port that each MinIO server listens on
# (default 9000)
## 这块是文件磁盘的位置 因为我们是集群节点是163-166 这边是一种池化写法
MINIO_VOLUMES="http://192.168.123.{11...14}:39111/data1/minio{1...4}"

# Set all MinIO server options
#
# The following explicitly sets the MinIO Console listen address to
# port 9001 on all network interfaces. The default behavior is dynamic
# port selection.

## minio-console的地址 就是web界面控制台
MINIO_OPTS="--address :39111 --console-address :39112"

# Set the root username. This user has unrestricted permissions to
# perform S3 and administrative API operations on any resource in the
# deployment.
#
# Defer to your organizations requirements for superadmin user name.

# console的登陆账号
MINIO_ROOT_USER=minioadmin

# Set the root password
#
# Use a long, random, unique string that meets your organizations
# requirements for passwords.

# console的登陆密码
MINIO_ROOT_PASSWORD=minioadmin
EOF

该配置文件的说明:

bash 复制代码
MINIO_VOLUMES="http://192.168.123.{11...14}:39111/data1/minio{1...4}"
可以拆开写成 MINIO_VOLUMES="http://192.168.123.11:39111/data1/minio{1...4} http://192.168.123.12:39111/data1/minio{1...4} http://192.168.123.13:39111/data1/minio{1...4}
http://192.168.123.14:39111/data1/minio{1...4}"
因为,四个VMware服务器IP是连续的,所以可以写成上面的简略形式,下面的拆开写法也是OK的
bash 复制代码
MINIO_OPTS="--address :39111 --console-address :39112"
可以改成MINIO_OPTS="--address :39111 " ,修改为这种形式的时候,minio启动的时候console就会使用随机端口,minio server的服务端口是39111,默认是9000,建议修改端口以提高服务的安全性
bash 复制代码
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
这两个是minio服务的web登录账号密码,实际生产中建议设置密码复杂一些

最后还需要给该文件赋权:

bash 复制代码
chown -Rf minio-user. /etc/default/minio

四,

启动minio服务

bash 复制代码
systemctl enable minio
systemctl start minio
systemctl status minio

最后一个命令输出如下,表示服务正常:

bash 复制代码
Dec 28 23:45:57 node1 minio[23188]: MinIO Object Storage Server
Dec 28 23:45:57 node1 minio[23188]: Copyright: 2015-2023 MinIO, Inc.
Dec 28 23:45:57 node1 minio[23188]: License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
Dec 28 23:45:57 node1 minio[23188]: Version: RELEASE.2023-04-13T03-08-07Z (go1.20.3 linux/amd64)
Dec 28 23:45:57 node1 minio[23188]: Status:         16 Online, 0 Offline.
Dec 28 23:45:57 node1 minio[23188]: API: http://10.96.24.248:39111  http://192.168.123.11:39111  http://169.254.25.10:39111  http://10.96.0.3:39111  http://10.96.0.1:39111  http://172.17.0.1:39111  http://10.244.26.0:39111  http://127.0.0.1:39111
Dec 28 23:45:57 node1 minio[23188]: Console: http://10.96.24.248:43585 http://192.168.123.11:43585 http://169.254.25.10:43585 http://10.96.0.3:43585 http://10.96.0.1:43585 http://172.17.0.1:43585 http://10.244.26.0:43585 http://127.0.0.1:43585
Dec 28 23:45:57 node1 minio[23188]: Documentation: https://min.io/docs/minio/linux/index.html
Dec 28 23:45:58 node1 minio[23188]: You are running an older version of MinIO released 8 months ago
Dec 28 23:45:58 node1 minio[23188]: Update: Run `mc admin update`

关键字段是Dec 28 23:45:57 node1 minio[23188]: Status: 16 Online, 0 Offline. 这个表示drive全部被发现

最下面有一个警告,说的是minio版本有点低,可以忽略, You are running an older version of MinIO released 8 months ago

还有一个警告找不到了,不过也是无所谓,那个警告大体意思是操作系统内核太低,建议内核版本4以上,minio的性能会更好一点。

目前的内核版本:

bash 复制代码
[root@node4 ~]# uname  -a
Linux node4 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

console也就是web管理界面的端口:

bash 复制代码
Console: http://10.96.24.248:35382 http://192.168.123.14:35382 http://169.254.25.10:35382 http://10.96.0.3:35382 http://10.96.0.1:35382 http://172.17.0.1:35382 http://10.244.41.0:35382 http://127.0.0.1:35382

很明显http://192.168.123.14:35382 其它的IP可能由于是minio和kubernetes运行在一起了吧,忽略掉就可以了

登录web管理界面:

创建桶(我已经创建过了,叫test)

monitoring 可以看到有使用多少磁盘

传一个大文件上去:

传输速度还是比较快的,比ftp什么的快多了

在看看磁盘使用空间:

可以看到,一个800多M的文件被minio打散了分布存储到了各个节点上了

下载文件:

可以看到,下载是先从minio server上各个节点收集文件在下载的

五,

测试高可用

192.168.123.14节点关机

仍然可以正常下载 上传文件:

查看服务状态:

bash 复制代码
[root@node1 ~]# systemctl status minio
● minio.service - MinIO
   Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2023-12-29 18:53:31 CST; 7h ago
     Docs: https://docs.min.io
  Process: 15886 ExecStartPre=/bin/bash -c if [ -z "${MINIO_VOLUMES}" ]; then echo "Variable MINIO_VOLUMES not set in /etc/default/minio"; exit 1; fi (code=exited, status=0/SUCCESS)
 Main PID: 15889 (minio)
    Tasks: 15
   Memory: 144.9M
   CGroup: /system.slice/minio.service
           └─15889 /usr/local/bin/minio server --address :39111 --console-address :39112 http://192.168.123.{11...14}:39111/data1/minio{1...4}

Dec 30 01:59:23 node1 minio[15889]: API: SYSTEM()
Dec 30 01:59:23 node1 minio[15889]: Time: 17:59:23 UTC 12/29/2023
Dec 30 01:59:23 node1 minio[15889]: DeploymentID: 5e75dcd3-d3de-4a08-bdee-3197016ceded
Dec 30 01:59:23 node1 minio[15889]: Error: Marking 192.168.123.14:39111 offline temporarily; caused by Post "http://192.168.123.14:39111/minio/peer/v30/log": dial tcp 192.168.123.14:39111: connect: no route to host (*fmt.wrapError)
Dec 30 01:59:23 node1 minio[15889]: 6: internal/logger/logonce.go:118:logger.(*logOnceType).logOnceIf()
Dec 30 01:59:23 node1 minio[15889]: 5: internal/logger/logonce.go:149:logger.LogOnceIf()
Dec 30 01:59:23 node1 minio[15889]: 4: internal/rest/client.go:259:rest.(*Client).Call()
Dec 30 01:59:23 node1 minio[15889]: 3: cmd/peer-rest-client.go:68:cmd.(*peerRESTClient).callWithContext()
Dec 30 01:59:23 node1 minio[15889]: 2: cmd/peer-rest-client.go:710:cmd.(*peerRESTClient).doConsoleLog()
Dec 30 01:59:23 node1 minio[15889]: 1: cmd/peer-rest-client.go:734:cmd.(*peerRESTClient).ConsoleLog.func1()

在关闭一个节点,上传不了了,也下载不了任何文件了,只能看看:

两个关闭的节点在开启,很快的啊,啪 的一下 就恢复了:

下载和上传功能完全恢复,很快的,就不演示了, 在看服务状态就没什么报错了:

bash 复制代码
[root@node1 ~]# systemctl status minio
● minio.service - MinIO
   Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2023-12-30 02:37:20 CST; 1s ago
     Docs: https://docs.min.io
  Process: 64997 ExecStartPre=/bin/bash -c if [ -z "${MINIO_VOLUMES}" ]; then echo "Variable MINIO_VOLUMES not set in /etc/default/minio"; exit 1; fi (code=exited, status=0/SUCCESS)
 Main PID: 64999 (minio)
    Tasks: 11
   Memory: 143.1M
   CGroup: /system.slice/minio.service
           └─64999 /usr/local/bin/minio server --address :39111 --console-address :39112 http://192.168.123.{11...14}:39111/data1/minio{1...4}

Dec 30 02:37:20 node1 minio[64999]: Copyright: 2015-2023 MinIO, Inc.
Dec 30 02:37:20 node1 minio[64999]: License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
Dec 30 02:37:20 node1 minio[64999]: Version: RELEASE.2023-04-13T03-08-07Z (go1.20.3 linux/amd64)
Dec 30 02:37:20 node1 minio[64999]: Use `mc admin info` to look for latest server/drive info
Dec 30 02:37:20 node1 minio[64999]: Status:         15 Online, 1 Offline.
Dec 30 02:37:20 node1 minio[64999]: API: http://10.96.24.248:39111  http://192.168.123.11:39111  http://169.254.25.10:39111  http://10.96.0.3:39111  http://10.96.0.1:39111  http://172.17.0.1:39111  http://10.244.26.0:39111  http://127.0.0.1:39111
Dec 30 02:37:20 node1 minio[64999]: Console: http://10.96.24.248:39112 http://192.168.123.11:39112 http://169.254.25.10:39112 http://10.96.0.3:39112 http://10.96.0.1:39112 http://172.17.0.1:39112 http://10.244.26.0:39112 http://127.0.0.1:39112
Dec 30 02:37:20 node1 minio[64999]: Documentation: https://min.io/docs/minio/linux/index.html
Dec 30 02:37:21 node1 minio[64999]: You are running an older version of MinIO released 8 months ago

总结:

minio可以作为网盘使用,但一般是与其它组件联合使用,例如,kubernetes集群内部使用,kafka,redis等等,根据实际需求持久化数据,minio自带有比较完整的权限系统,安全性还是有一定保障的。

本例中,1个节点关闭或者损坏不影响minio集群的使用,2个节点关闭或者损坏将只能读存储,不可以上传或者下载了,也就是只能看看

minio是去中心化的,也就是没有什么主从之分的,因此可以使用nginx做负载均衡:

bash 复制代码
upstream minio_servers {
 server 192.168.123.11:39111;
 server 192.168.123.12:39111;
 server 192.168.123.13:39111;
 server 192.168.123.14:39111;
}
server {
 listen 80;
 server_name 192.168.123.11;
 # To allow special characters in headers
 ignore_invalid_headers off;
 # Allow any size file to be uploaded.
 # Set to a value such as 1000m; to restrict file size to a specific value
 client_max_body_size 0;
 # To disable buffering
 proxy_buffering off;
 location / {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Host $http_host;
 proxy_connect_timeout 300;
 # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
 proxy_http_version 1.1;
 proxy_set_header Connection "";
 chunked_transfer_encoding off;
 proxy_pass http://minio_servers; # If you are using docker-compose this would be the hostname i.e. minio
 # Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/
 # /minio/health/live;
 }
 access_log /var/log/nginx/minio_access.log custom_sls_log;
 error_log /var/log/nginx/minio.error.log;
}

当然了,如果console显式的配置了端口并且是统一的端口,那么,也可以放nginx里负载均衡,和上面基本一样的配置,就不演示了

相关推荐
m0_748254882 分钟前
DataX3.0+DataX-Web部署分布式可视化ETL系统
前端·分布式·etl
蜜獾云7 分钟前
docker 安装雷池WAF防火墙 守护Web服务器
linux·运维·服务器·网络·网络安全·docker·容器
小屁不止是运维8 分钟前
麒麟操作系统服务架构保姆级教程(五)NGINX中间件详解
linux·运维·服务器·nginx·中间件·架构
bitcsljl22 分钟前
Linux 命令行快捷键
linux·运维·服务器
ac.char25 分钟前
在 Ubuntu 下使用 Tauri 打包 EXE 应用
linux·运维·ubuntu
Cachel wood44 分钟前
python round四舍五入和decimal库精确四舍五入
java·linux·前端·数据库·vue.js·python·前端框架
明耀1 小时前
WPF TabControl 设置item不能点击
wpf
Youkiup1 小时前
【linux 常用命令】
linux·运维·服务器
qq_297504611 小时前
【解决】Linux更新系统内核后Nvidia-smi has failed...
linux·运维·服务器