Differences

This shows you the differences between two versions of the page.

--- docker_cluster [2024/10/20 01:38] – neoon
+++ docker_cluster [2024/10/21 15:29] (current) – neoon
@@ Line 1: / Line 1: @@
 ==== Docker Cluster HA Setup ====
-**1**. Setup a VPN in-between your 3 or more servers.
+**1**. Setup a VPN in-between your 3,5,7 or more servers.
 This can be done with TincVPN for example but there are many others you can choose from.
+https://www.tinc-vpn.org/
 **2**. Installing GlusterFS
-  curl https://download.gluster.org/pub/gluster/glusterfs/11/rsa.pub | gpg --dearmor > /usr/share/keyrings/
+  apt-get install gpg -y
-  glusterfs-archive-keyring.gpg
+  curl https://download.gluster.org/pub/gluster/glusterfs/11/rsa.pub | gpg --dearmor > /usr/share/keyrings/glusterfs-archive-keyring.gpg
   DEBID=$(grep 'VERSION_ID=' /etc/os-release | cut -d '=' -f 2 | tr -d '"')
   DEBVER=$(grep 'VERSION=' /etc/os-release | grep -Eo '[a-z]+')
   DEBARCH=$(dpkg --print-architecture)
   echo "deb [signed-by=/usr/share/keyrings/glusterfs-archive-keyring.gpg] https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/${DEBID}/${DEBARCH}/apt ${DEBVER} main" | sudo tee /etc/apt/sources.list.d/gluster.list
-  apt-get update && apt-get install glusterfs-server
+  apt-get update && apt-get install glusterfs-server -y
-**3**. Enable GlusterFS
+**3**. Edit /etc/glusterfs/glusterd.vol and add \\
+This will prevent glusterfs from getting exposed to the dangerous interwebs.
+  option transport.socket.bind-address 10.0.X.1
+rpcbind does listen on the network and we don't need it, so lets get rid of it.
+  apt-get remove rpcbind -y
-  systemctl start glusterd
+**4**. Enable GlusterFS
-  systemctl enable glusterd
-**4**. Peer with your GlusterFS nodes
+  systemctl start glusterd && systemctl enable glusterd
+**5**. Peer with your GlusterFS nodes
   gluster peer probe 10.0.2.1
   gluster peer probe 10.0.3.1
-**5**. Check the peering status
+**6**. Check the peering status
   gluster peer status
-**6**. Edit /etc/glusterfs/glusterd.vol and add \\
+**7.** Folders for the mount
-This will prevent glusterfs from getting exposed to the dangerous interwebs.
+  mkdir -p /mnt/bricks/docker &&   mkdir -p /mnt/data/docker
-  option transport.socket.bind-address 10.0.X.1
-**7**. Restart GlusterFS to apply the change
-  systemctl restart glusterd
 **8.** Create your first volume for Docker
-  mkdir -p /mnt/bricks/docker
   gluster volume create docker replica 3 10.0.1.1:/mnt/bricks/docker 10.0.2.1:/mnt/bricks/docker 10.0.3.1:/mnt/bricks/docker force
+  gluster volume start docker
 **9**. Mount your first volume
-  mkdir -p /mnt/data/docker
   mount.glusterfs 10.0.X.1:/docker /mnt/data/docker
@@ Line 68: / Line 72: @@
 Added one line
-  ExecStartPre=/bin/sh -c 'until ping -c1 10.0.X.1; do sleep 1; done;
+  ExecStartPre=/bin/sh -c 'until ping -c1 10.0.X.1; do sleep 1; done;'
 Profit! Next reboot GlusterFS should start up fine.
@@ Line 93: / Line 97: @@
 listen-addr will force swarm to bind to your local VPN
-**16**. Promote the other Nodes to archive 100% True HA
+**16**. Check the Cluster
+  docker node ls
+**17**. Promote the other Nodes to archive 100% True HA
   docker node promote node2
   docker node promote node3
-**17**. Deploy your first service \\
+**18**. Deploy your first service \\
 In my case it was a ZNC bouncer. \\
 Had to run the docker container normally to generate the config files. \\
@@ Line 103: / Line 110: @@
   docker run -it -v /mnt/data/docker/znc/:/znc-data znc --makeconf
-Now I could deploy the service.
+Lets deploy the service.
   docker service create --mount type=bind,src=/mnt/data/docker/znc/,dst=/znc-data --publish published=1025,target=1025 --name bouncer znc
+The service will get exposed on port 1025 on all nodes.
-**18**. If you run, on any node.
+**19**. If you run this, on any node.
   docker node ps $(docker node ls -q)
 You should be able to check your container status.
+**20**. When you reboot the node with your container, the service should be restored in about 60s.