写在前面

• 所有组件均使用容器方式
• 目前仅仅做到了Gitlab-CE的主备方式高可用，没有做到双活

集群主机IP及组件说明

• 192.168.26.101 [etcd,patroni,redis-cluster,redis-sentinel,gitlab]
• 192.168.26.102 [etcd,patroni,redis-cluster,redis-sentinel,gitlab]
• 192.168.26.103 [etcd,patroni,redis-cluster,redis-sentinel,gitlab]
• 192.168.26.200 VIP地址用于patroni集群Master使用
• 192.168.26.201 VIP地址用于gitlab-ce的外部url使用
• 192.168.26.10 NFS地址
• 执行循序 etcd -> patroni -> redis-cluster -> redis-sentinel -> mount /etc/fstab -> 等待gitlab自运行

postgres集群

etcd集群

//192.168.26.101
HOST_NAME=etcd-1
ETCD_ENDPOINT=etcd-1=http://192.168.26.101:2380,etcd-2=http://192.168.26.102:2380,etcd-3=http://192.168.26.103:2380
HOST_IP=`python -c "import socket;res = socket.gethostbyname(socket.gethostname());print(res)"`
ETCD_DATA=/opt/etcd/data

docker run -d --restart=always --net=host \
-v $ETCD_DATA:/etcd-data \
--name $HOST_NAME \
quay.io/coreos/etcd:v3.5.7 \
/usr/local/bin/etcd \
-name $HOST_NAME \
--data-dir /etcd-data \
--listen-client-urls http://0.0.0.0:2379 \
--advertise-client-urls http://0.0.0.0:2379 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-advertise-peer-urls http://$HOST_IP:2380 \
--initial-cluster "$ETCD_ENDPOINT" \
--initial-cluster-token tkn \
--initial-cluster-state new \
--log-level info \
--logger zap \
--log-outputs stderr

//192.168.26.102
HOST_NAME=etcd-2
ETCD_ENDPOINT=etcd-1=http://192.168.26.101:2380,etcd-2=http://192.168.26.102:2380,etcd-3=http://192.168.26.103:2380
HOST_IP=`python -c "import socket;res = socket.gethostbyname(socket.gethostname());print(res)"`
ETCD_DATA=/opt/etcd/data

docker run -d --restart=always --net=host \
-v $ETCD_DATA:/etcd-data \
--name $HOST_NAME \
quay.io/coreos/etcd:v3.5.7 \
/usr/local/bin/etcd \
-name $HOST_NAME \
--data-dir /etcd-data \
--listen-client-urls http://0.0.0.0:2379 \
--advertise-client-urls http://0.0.0.0:2379 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-advertise-peer-urls http://$HOST_IP:2380 \
--initial-cluster "$ETCD_ENDPOINT" \
--initial-cluster-token tkn \
--initial-cluster-state new \
--log-level info \
--logger zap \
--log-outputs stderr



//192.168.26.103
HOST_NAME=etcd-3
ETCD_ENDPOINT=etcd-1=http://192.168.26.101:2380,etcd-2=http://192.168.26.102:2380,etcd-3=http://192.168.26.103:2380
HOST_IP=`python -c "import socket;res = socket.gethostbyname(socket.gethostname());print(res)"`
ETCD_DATA=/opt/etcd/data

docker run -d --restart=always --net=host \
-v $ETCD_DATA:/etcd-data \
--name $HOST_NAME \
quay.io/coreos/etcd:v3.5.7 \
/usr/local/bin/etcd \
-name $HOST_NAME \
--data-dir /etcd-data \
--listen-client-urls http://0.0.0.0:2379 \
--advertise-client-urls http://0.0.0.0:2379 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-advertise-peer-urls http://$HOST_IP:2380 \
--initial-cluster "$ETCD_ENDPOINT" \
--initial-cluster-token tkn \
--initial-cluster-state new \
--log-level info \
--logger zap \
--log-outputs stderr

patroni集群

//192.168.26.101
HOST_NAME=patroni-1
ETCD_ENDPOINT=192.168.26.101:2379,192.168.26.102:2379,192.168.26.103:2379
PATRONI_PASSWD='123456'
PATRONI_VIP='192.168.26.200'
PATRONI_BRD='192.168.26.255'
PATRONI_DATA=/opt/postgres/data/

docker run -d --restart=always --name=$HOST_NAME \
--privileged \
--net=host \
--hostname=$HOST_NAME \
-e ETCD_ENDPION=$ETCD_ENDPOINT \
-e PATRONI_PASSWD=$PATRONI_PASSWD \
-e PATRONI_VIP=$PATRONI_VIP \
-e PATRONI_BRD=$PATRONI_BRD \
-v $PATRONI_DATA:/home/postgres/data/ \
swr.cn-north-4.myhuaweicloud.com/easyk8s.com/postgres_cluster:2023_02_07


//192.168.26.102
HOST_NAME=patroni-2
ETCD_ENDPOINT=192.168.26.101:2379,192.168.26.102:2379,192.168.26.103:2379
PATRONI_PASSWD='123456'
PATRONI_VIP='192.168.26.200'
PATRONI_BRD='192.168.26.255'
PATRONI_DATA=/opt/postgres/data/

docker run -d --restart=always --name=$HOST_NAME \
--privileged \
--net=host \
--hostname=$HOST_NAME \
-e ETCD_ENDPION=$ETCD_ENDPOINT \
-e PATRONI_PASSWD=$PATRONI_PASSWD \
-e PATRONI_VIP=$PATRONI_VIP \
-e PATRONI_BRD=$PATRONI_BRD \
-v $PATRONI_DATA:/home/postgres/data/ \
swr.cn-north-4.myhuaweicloud.com/easyk8s.com/postgres_cluster:2023_02_07


//192.168.26.103
HOST_NAME=patroni-3
ETCD_ENDPOINT=192.168.26.101:2379,192.168.26.102:2379,192.168.26.103:2379
PATRONI_PASSWD='123456'
PATRONI_VIP='192.168.26.200'
PATRONI_BRD='192.168.26.255'
PATRONI_DATA=/opt/postgres/data/

docker run -d --restart=always --name=$HOST_NAME \
--privileged \
--net=host \
--hostname=$HOST_NAME \
-e ETCD_ENDPION=$ETCD_ENDPOINT \
-e PATRONI_PASSWD=$PATRONI_PASSWD \
-e PATRONI_VIP=$PATRONI_VIP \
-e PATRONI_BRD=$PATRONI_BRD \
-v $PATRONI_DATA:/home/postgres/data/ \
swr.cn-north-4.myhuaweicloud.com/easyk8s.com/postgres_cluster:2023_02_07

验证集群

# 验证postgres_cluster集群
# docker exec -it patroni-[1/2/3] bash
$ patronictl -c /home/postgres/config/patroni.yml list

redis 哨兵集群

redis-cluster

//192.168.26.101
#!/bin/bash
HOST_NAME=redis_server-1
REDIS_DATA=/opt/redis/data

docker run -d --name $HOST_NAME \
--net=host \
-v $REDIS_DATA:/data \
redis:latest  redis-server --port 6379

//192.168.26.102
#!/bin/bash
HOST_NAME=redis_server-2
REDIS_DATA=/opt/redis/data
REDIS_MASTER_IP='192.168.26.101'
REDIS_MASTER_PORT=6379

docker run -d --name $HOST_NAME \
--net=host \
-v /opt/redis/data:/data \
redis:latest redis-server --slaveof $REDIS_MASTER_IP $REDIS_MASTER_PORT --port 6379

//192.168.26.103
#!/bin/bash
HOST_NAME=redis_server-3
REDIS_DATA=/opt/redis/data
REDIS_MASTER_IP='192.168.26.101'
REDIS_MASTER_PORT=6379

docker run -d --name $HOST_NAME \
--net=host \
-v /opt/redis/data:/data \
redis:latest redis-server --slaveof $REDIS_MASTER_IP $REDIS_MASTER_PORT --port 6379

redis-sentinel

//192.168.26.101
REDIS_NAME_IP='192.168.26.101'
REDIS_NAME_PORT=6379
REDIS_SENTINEL_CONFIG=/opt/redis/sentinel.conf
REDIS_SENTINEL_PORT=5000
HOST_NAME=reids_sentinel-1

if [[ ! -e ${REDIS_SENTINEL_CONFIG}gitlab.rb ]];
then

cat > $REDIS_SENTINEL_CONFIG <<EOF
protected-mode no
bind 0.0.0.0
port 5000
daemonize no
sentinel monitor mymaster $REDIS_NAME_IP $REDIS_NAME_PORT 2
sentinel down-after-milliseconds mymaster $REDIS_SENTINEL_PORT
sentinel failover-timeout mymaster 180000
sentinel parallel-syncs mymaster 1
EOF

fi

docker run -d --restart=always --name $HOST_NAME \
-p $REDIS_SENTINEL_PORT:$REDIS_SENTINEL_PORT \
-v /opt/redis/sentinel.conf:/etc/redis/sentinel.conf \
redis redis-sentinel /etc/redis/sentinel.conf


//192.168.26.102
REDIS_NAME_IP='192.168.26.101'
REDIS_NAME_PORT=6379
REDIS_SENTINEL_CONFIG=/opt/redis/sentinel.conf
REDIS_SENTINEL_PORT=5000
HOST_NAME=reids_sentinel-2

if [[ ! -e ${REDIS_SENTINEL_CONFIG}gitlab.rb ]];
then

cat > $REDIS_SENTINEL_CONFIG <<EOF
protected-mode no
bind 0.0.0.0
port 5000
daemonize no
sentinel monitor mymaster $REDIS_NAME_IP $REDIS_NAME_PORT 2
sentinel down-after-milliseconds mymaster $REDIS_SENTINEL_PORT
sentinel failover-timeout mymaster 180000
sentinel parallel-syncs mymaster 1
EOF

fi

docker run -d --restart=always --name $HOST_NAME \
-p $REDIS_SENTINEL_PORT:$REDIS_SENTINEL_PORT \
-v /opt/redis/sentinel.conf:/etc/redis/sentinel.conf \
redis redis-sentinel /etc/redis/sentinel.conf


//192.168.26.103
REDIS_NAME_IP='192.168.26.101'
REDIS_NAME_PORT=6379
REDIS_SENTINEL_CONFIG=/opt/redis/sentinel.conf
REDIS_SENTINEL_PORT=5000
HOST_NAME=reids_sentinel-3

if [[ ! -e ${REDIS_SENTINEL_CONFIG}gitlab.rb ]];
then

cat > $REDIS_SENTINEL_CONFIG <<EOF
protected-mode no
bind 0.0.0.0
port 5000
daemonize no
sentinel monitor mymaster $REDIS_NAME_IP $REDIS_NAME_PORT 2
sentinel down-after-milliseconds mymaster $REDIS_SENTINEL_PORT
sentinel failover-timeout mymaster 180000
sentinel parallel-syncs mymaster 1
EOF

fi

docker run -d --restart=always --name $HOST_NAME \
-p $REDIS_SENTINEL_PORT:$REDIS_SENTINEL_PORT \
-v /opt/redis/sentinel.conf:/etc/redis/sentinel.conf \
redis redis-sentinel /etc/redis/sentinel.conf

验证Redis集群

# pip install redis -i http://mirrors.aliyun.com/pypi/simple 

# cat redis_test.py
# -*- coding:utf-8 -*-  
from redis.sentinel import Sentinel

# 连接哨兵服务器(主机名也可以用域名)
sentinel = Sentinel([('192.168.26.101', 5000),
                     ('192.168.26.102', 5001),
                     ('192.168.26.103', 5001)
                     ],
                    socket_timeout=0.5)

# 获取主服务器地址
master = sentinel.discover_master('mymaster')
print("redis master ip",master)

slave = sentinel.discover_slaves('mymaster')
print("redis slave ip",slave)

master = sentinel.master_for('mymaster', socket_timeout=0.5, db=15)
w_ret = master.set('foo', 'bar')

slave = sentinel.slave_for('mymaster', socket_timeout=0.5, db=15)
r_ret = slave.get('foo')
print(r_ret)

# python3 redis.py
redis master ip ('192.168.26.101', 6379)
redis slave ip [('192.168.26.102', 6379), ('192.168.26.103', 6379)]
b'bar'

redis create user And passwd And tables

// 需要取Master主机执行，也就是挂载192.168.26.200的机器
# docker exec -it patroni-3 bash
$ psql
$ create role gitlab login encrypted password 'pass';
$ create database gitlabhq_production owner=gitlab ENCODING = 'UTF8';
$ \c gitlabhq_production
$ CREATE EXTENSION pg_trgm;
$ select extname,extowner,extnamespace,extrelocatable,extversion from pg_extension;

Gitlab-CE

mount /etc/fstab

//[注意]NFS的设置sync,no_root_squash,no_all_squash

//192.168.26.101
# mkdir -p /opt/gitlab/{config,data,master}
# vi /etc/fstab
192.168.26.10:/data/gitlab/config /opt/gitlab/config nfs4 defaults        0 0
192.168.26.10:/data/gitlab/data /opt/gitlab/data nfs4 defaults        0 0
192.168.26.10:/data/gitlab/master /opt/gitlab/master nfs4 defaults        0 0
# mount -a

//[注意要设置每台机器的Crontab]
# crontab -l
# */3 * * * * /bin/bash /opt/gitlab.sh > /dev/null 2>&1

# vi /opt/gitlab.sh
#!/bin/bash

# 配合crontab 主备
# 注意MASTER_DIR 为NFS共享目录用于抢占写入
MASTER_SEZIE_CONFIG=/opt/gitlab/master/sezie.config
# 注意GIT_CONFIG/DATA为NFS共享目录用于配置文件和数据目录
GIT_CONFIG=/opt/gitlab/config/
GIT_DATA=/opt/gitlab/data/

# [注意]GIT配置文件 
# 需要创建PG中的数据库,用户名,密码,库
# 配置文件中redis的哨兵地址

if [[ ! -e ${GIT_CONFIG}gitlab.rb ]];
then

cat > ${GIT_CONFIG}gitlab.rb << EOF
external_url 'http://192.168.26.201'
postgresql['enable'] = false
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "utf8"
gitlab_rails['db_database'] = "gitlabhq_production"
gitlab_rails['db_pool'] = 30
gitlab_rails['db_username'] = "gitlab"
gitlab_rails['db_password'] = "pass"
gitlab_rails['db_host'] = "192.168.26.200"
gitlab_rails['db_port'] = "5432"

redis['enable'] = false
gitlab_rails['redis_sentinels'] = [
{'host' => '192.168.26.101', 'port' => 5000},
{'host' => '192.168.26.102', 'port' => 5000},
{'host' => '192.168.26.103', 'port' => 5000},
]
redis['master_name'] = 'mymaster'
gitlab_rails['redis_database'] = 0
EOF

fi

# 最大超时时间
TIME_MAX=300


# 抢占启动模块
function start_gitlab(){
  echo "开启抢占"
  IP=`python -c "import socket;res = socket.gethostbyname(socket.gethostname());print(res)"`
  TIME=`date "+%s"`
  echo -n "$IP $TIME" > $MASTER_SEZIE_CONFIG
  docker ps -a | grep gitlab > /dev/null 2>&1
  if [[ $? -eq 0 ]];
  then
    docker start gitlab
  else
docker run -d \
--name gitlab \
-p 443:443 -p 80:80 -p 2222:22 \
-v $GIT_CONFIG:/etc/gitlab/ \
-v /opt/gitlab/log/:/var/log/gitlab \
-v $GIT_DATA:/var/opt/gitlab/ \
gitlab/gitlab-ce
  fi
}

# 判断服务是否是本地提供，不是停止
function stop_gitlab(){
  IP=`cat $MASTER_SEZIE_CONFIG | awk '{print $1}'`
  LOCAL_IP=`python -c "import socket;res = socket.gethostbyname(socket.gethostname());print(res)"`
  if [[ $LOCAL_IP != $IP ]]; 
  then 
    docker stop gitlab
  fi
}

if [[ -e $MASTER_SEZIE_CONFIG ]];
then
  # 存在
  echo "文件存在"
  IP=`cat $MASTER_SEZIE_CONFIG | awk '{print $1}'`
  TIME=`cat $MASTER_SEZIE_CONFIG | awk '{print $2}'`
  HTTP_CODE=`curl -sI http://$IP/users/sign_in | head -n 1 | awk '{print $2}'`
  END_TIME=`date "+%s"`
  if [[ $HTTP_CODE -eq 200 ]];
  then
    # 访问成功更新时间戳
    echo -n "$IP $END_TIME" > $MASTER_SEZIE_CONFIG
    stop_gitlab
  else
    # 访问失败判断时间戳差额
    TIME_TMP=$(( END_TIME -  TIME ))
    if [[ $TIME_TMP -gt $TIME_MAX ]];
    then
      # 大于超时开始抢占
      start_gitlab
    fi
  fi
else
  # 不存在
  echo "文件不存在"
  start_gitlab
fi

验证环节