OpenClaw专栏第六篇:Docker Compose一键部署与集群扩展

发布时间:2026/7/9 3:50:38
OpenClaw专栏第六篇:Docker Compose一键部署与集群扩展 目录一、Docker Compose全栈部署生产级docker-compose.yml编写PostgreSQL数据库容器化Redis缓存服务集成环境变量与密钥管理一键启动与验证二、高可用集群架构多节点Docker Swarm部署负载均衡配置Nginx/SLB会话保持与故障转移数据持久化与共享存储集群监控与告警三、自动化运维体系CI/CD流水线集成自动化备份与恢复日志收集与聚合性能调优与资源限制安全加固与权限收敛四、实战演练从零搭建生产集群故障模拟与恢复压力测试与优化五、后续规划下期预告一、Docker Compose全栈部署1. 生产级docker-compose.yml编写创建项目目录结构mkdir -p /opt/openclaw-cluster/{config,data,logs,backups,nginx} cd /opt/openclaw-cluster编写生产级docker-compose.ymlversion: 3.8 services: # OpenClaw主服务 openclaw-master: image: openclaw/openclaw:2026.3.8 container_name: openclaw-master restart: always environment: - OPENCLAW_MODEmaster - OPENCLAW_MONGO_HOSTmongo - OPENCLAW_REDIS_HOSTredis - OPENCLAW_SECRET${OPENCLAW_SECRET} - OPENAI_API_KEY${OPENAI_API_KEY} - ANTHROPIC_API_KEY${ANTHROPIC_API_KEY} ports: - 8080:8080 - 5000:5000 volumes: - ./config/config.yaml:/app/config/config.yaml:ro - ./logs/master:/app/logs - ./data/master:/app/data depends_on: - mongo - redis - postgres networks: - openclaw-net deploy: resources: limits: cpus: 2 memory: 4G reservations: cpus: 1 memory: 2G healthcheck: test: [CMD, curl, -f, http://localhost:8080/health] interval: 30s timeout: 10s retries: 3 start_period: 40s # OpenClaw工作节点可水平扩展 openclaw-worker: image: openclaw/openclaw:2026.3.8 restart: always environment: - OPENCLAW_MODEworker - OPENCLAW_MASTER_URLhttp://openclaw-master:5000 - OPENCLAW_SECRET${OPENCLAW_SECRET} depends_on: - openclaw-master networks: - openclaw-net deploy: replicas: 3 resources: limits: cpus: 1 memory: 2G # MongoDB mongo: image: mongo:6.0 container_name: openclaw-mongo restart: always environment: - MONGO_INITDB_ROOT_USERNAME${MONGO_USER} - MONGO_INITDB_ROOT_PASSWORD${MONGO_PASS} volumes: - ./data/mongo:/data/db - ./config/mongo-init.js:/docker-entrypoint-initdb.d/init.js:ro networks: - openclaw-net deploy: resources: limits: memory: 2G # Redis redis: image: redis:7.0-alpine container_name: openclaw-redis restart: always command: redis-server --requirepass ${REDIS_PASS} --maxmemory 512mb --maxmemory-policy allkeys-lru volumes: - ./data/redis:/data networks: - openclaw-net deploy: resources: limits: memory: 1G # PostgreSQL postgres: image: postgres:15-alpine container_name: openclaw-postgres restart: always environment: - POSTGRES_DB${PG_DB} - POSTGRES_USER${PG_USER} - POSTGRES_PASSWORD${PG_PASS} volumes: - ./data/postgres:/var/lib/postgresql/data - ./config/postgres-init.sql:/docker-entrypoint-initdb.d/init.sql:ro networks: - openclaw-net deploy: resources: limits: memory: 2G networks: openclaw-net: driver: bridge ipam: config: - subnet: 172.20.0.0/16经验分享在生产环境中我强烈建议为每个服务配置资源限制deploy.resources防止单个容器耗尽宿主机资源。另外healthcheck配置必不可少它能确保服务真正可用后才接收流量。2. PostgreSQL数据库容器化创建数据库初始化脚本nano config/postgres-init.sql-- 创建OpenClaw专用数据库和用户 CREATE DATABASE openclaw_prod; CREATE USER openclaw_user WITH ENCRYPTED PASSWORD YourStrongPassword; GRANT ALL PRIVILEGES ON DATABASE openclaw_prod TO openclaw_user; -- 创建必要表结构 \c openclaw_prod CREATE TABLE IF NOT EXISTS sessions ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), user_id VARCHAR(255) NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, metadata JSONB ); CREATE TABLE IF NOT EXISTS conversations ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), session_id UUID REFERENCES sessions(id), role VARCHAR(50) NOT NULL, content TEXT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); CREATE INDEX idx_sessions_user ON sessions(user_id); CREATE INDEX idx_conversations_session ON conversations(session_id);经验分享PostgreSQL相比SQLite在高并发场景下性能更优。我建议在初始化脚本中创建好索引避免后期数据量增长后的性能问题。3. Redis缓存服务集成Redis配置要点command: redis-server --requirepass ${REDIS_PASS} --maxmemory 512mb --maxmemory-policy allkeys-lru --appendonly yes --appendfsync everysec关键参数说明maxmemory-policy allkeys-lru内存满时淘汰最近最少使用的键appendonly yes开启AOF持久化appendfsync everysec每秒同步平衡性能与安全经验分享Redis的内存策略选择很重要。对于OpenClaw这种缓存场景allkeys-lru是最合适的。如果数据不能丢失建议同时开启RDB和AOF。4. 环境变量与密钥管理创建.env文件nano .env# OpenClaw配置 OPENCLAW_SECRETyour-64-char-random-secret-key-here OPENAI_API_KEYsk-your-openai-key ANTHROPIC_API_KEYsk-ant-your-claude-key # MongoDB配置 MONGO_USERadmin MONGO_PASSYourMongoPassword # Redis配置 REDIS_PASSYourRedisPassword # PostgreSQL配置 PG_DBopenclaw_prod PG_USERopenclaw_user PG_PASSYourPostgresPassword生成安全密钥# 生成64位随机字符串 openssl rand -hex 32 # 生成强密码 openssl rand -base64 24设置文件权限chmod 600 .env chown root:root .env经验分享永远不要将.env文件提交到Git仓库我通常会在.gitignore中添加.env并使用Vault或AWS Secrets Manager管理生产环境密钥。5. 一键启动与验证启动所有服务# 启动后台运行 docker compose up -d # 查看服务状态 docker compose ps # 查看日志 docker compose logs -f openclaw-master # 健康检查 curl -s http://localhost:8080/health | jq .预期输出{ status: healthy, version: 2026.3.8, services: { mongo: connected, redis: connected, postgres: connected } }二、高可用集群架构6. 多节点Docker Swarm部署初始化Swarm集群二、高可用集群架构 6. 多节点Docker Swarm部署 初始化Swarm集群转换为Swarm Stack# 部署Stack docker stack deploy -c docker-compose.yml openclaw # 查看服务 docker stack services openclaw # 查看任务 docker stack ps openclaw经验分享Docker Swarm比Kubernetes轻量得多适合中小规模集群。如果节点超过20个或需要复杂编排建议迁移到K8s。7. 负载均衡配置Nginx负载均衡配置upstream openclaw_backend { least_conn; server 192.168.1.100:8080 weight3; server 192.168.1.101:8080 weight2; server 192.168.1.102:8080 weight1 backup; keepalive 32; } server { listen 443 ssl http2; server_name openclaw.yourdomain.com; ssl_certificate /etc/letsencrypt/live/openclaw.yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/openclaw.yourdomain.com/privkey.pem; location / { proxy_pass http://openclaw_backend; proxy_http_version 1.1; proxy_set_header Connection ; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; # WebSocket支持 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; # 超时设置 proxy_connect_timeout 60s; proxy_read_timeout 300s; } }经验分享least_conn策略比round_robin更适合AI服务因为请求处理时间差异大。keepalive连接能显著减少TCP握手开销。8. 会话保持与故障转移Redis会话存储配置# config.yaml session: store: redis redis: host: redis port: 6379 password: ${REDIS_PASS} db: 0 ttl: 3600 cookie: secure: true httpOnly: true sameSite: strict故障转移测试# 停止一个节点 docker stop openclaw-worker-1 # 观察Nginx自动剔除 curl -I https://openclaw.yourdomain.com/health # 恢复节点 docker start openclaw-worker-19. 数据持久化与共享存储NFS共享存储配置# 在NFS服务器 mkdir -p /nfs/openclaw echo /nfs/openclaw *(rw,sync,no_subtree_check) /etc/exports exportfs -ra # 在各节点挂载 mount -t nfs nfs-server:/nfs/openclaw /mnt/openclaw-shared # docker-compose中使用 volumes: - /mnt/openclaw-shared/data:/app/data经验分享对于生产环境我建议使用云厂商的NAS或EFS服务比自建NFS更可靠。本地SSD用于临时数据共享存储用于持久化数据。10. 集群监控与告警Prometheus Grafana部署# 添加到docker-compose.yml prometheus: image: prom/prometheus:latest volumes: - ./config/prometheus.yml:/etc/prometheus/prometheus.yml - ./data/prometheus:/prometheus command: - --config.file/etc/prometheus/prometheus.yml - --storage.tsdb.retention.time30d ports: - 9090:9090 grafana: image: grafana/grafana:latest environment: - GF_SECURITY_ADMIN_PASSWORD${GRAFANA_PASS} volumes: - ./data/grafana:/var/lib/grafana ports: - 3000:3000Prometheus配置# config/prometheus.yml global: scrape_interval: 15s scrape_configs: - job_name: openclaw static_configs: - targets: [openclaw-master:8080] metrics_path: /metrics - job_name: node-exporter static_configs: - targets: [node-exporter:9100]关键告警规则groups: - name: openclaw-alerts rules: - alert: HighErrorRate expr: rate(http_requests_total{status~5..}[5m]) 0.05 for: 2m annotations: summary: High error rate detected - alert: HighLatency expr: histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) 0.5 for: 5m annotations: summary: P99 latency too high经验分享监控是生产环境的眼睛。我建议至少监控API响应时间、错误率、CPU/内存使用率、队列深度。告警阈值要根据实际基线调整。三、自动化运维体系11. CI/CD流水线集成GitHub Actions示例# .github/workflows/deploy.yml name: Deploy OpenClaw on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkoutv4 - name: Build and push image run: | docker build -t openclaw:${{ github.sha }} . docker tag openclaw:${{ github.sha }} registry.yourdomain.com/openclaw:latest docker push registry.yourdomain.com/openclaw:latest - name: Deploy to cluster run: | ssh deployprod-server cd /opt/openclaw-cluster \ docker compose pull \ docker compose up -d --remove-orphans经验分享我强烈建议使用镜像标签而非latest便于回滚。每次部署前运行集成测试确保镜像质量。12. 自动化备份与恢复备份脚本#!/bin/bash # scripts/backup.sh BACKUP_DIR/opt/openclaw-cluster/backups DATE$(date %Y%m%d_%H%M%S) RETENTION_DAYS30 mkdir -p $BACKUP_DIR # 备份PostgreSQL docker exec openclaw-postgres pg_dump -U $PG_USER $PG_DB | \ gzip $BACKUP_DIR/postgres_$DATE.sql.gz # 备份MongoDB docker exec openclaw-mongo mongodump --archive --gzip | \ cat $BACKUP_DIR/mongo_$DATE.archive.gz # 备份配置文件 tar -czf $BACKUP_DIR/config_$DATE.tar.gz \ ./config ./data/master/sessions # 清理旧备份 find $BACKUP_DIR -name *.gz -mtime $RETENTION_DAYS -delete echo Backup completed: $DATECrontab配置# 每天凌晨2点备份 0 2 * * * /opt/openclaw-cluster/scripts/backup.sh /var/log/openclaw-backup.log 21 # 每周日凌晨3点全量备份 0 3 * * 0 /opt/openclaw-cluster/scripts/full-backup.sh经验分享备份一定要测试恢复我每月都会做一次恢复演练确保备份可用。异地备份也很重要防止机房级故障。13. 日志收集与聚合ELK Stack简化版Loki Grafanaloki: image: grafana/loki:latest volumes: - ./config/loki-config.yaml:/etc/loki/local-config.yaml - ./data/loki:/loki ports: - 3100:3100 promtail: image: grafana/promtail:latest volumes: - ./config/promtail-config.yaml:/etc/promtail/config.yaml - /var/log:/var/log:ro - /var/lib/docker/containers:/var/lib/docker/containers:ro日志查询示例# 错误日志 {jobopenclaw} | ERROR # 慢请求 {jobopenclaw} | slow request | duration 1s # 按用户统计 sum by (user_id) (rate({jobopenclaw}[5m]))经验分享Loki比ELK轻量得多适合中小规模。日志要结构化JSON格式便于查询和分析。敏感信息要在应用层脱敏。14. 性能调优与资源限制内核参数优化# /etc/sysctl.d/99-openclaw.conf net.core.somaxconn 65535 net.ipv4.tcp_max_syn_backlog 65535 net.ipv4.ip_local_port_range 1024 65535 fs.file-max 2097152 vm.swappiness 10Docker资源限制deploy: resources: limits: cpus: 2 memory: 4G reservations: cpus: 1 memory: 2G经验分享资源限制要留有余量建议预留20%。监控实际使用量逐步调整到最优值。15. 安全加固与权限收敛容器安全配置services: openclaw-master: security_opt: - no-new-privileges:true read_only: true tmpfs: - /tmp - /run cap_drop: - ALL cap_add: - NET_BIND_SERVICE网络隔离networks: frontend: backend: internal: true # 禁止外网访问 services: mongo: networks: - backend openclaw-master: networks: - frontend - backend经验分享安全是底线。最小权限原则、网络隔离、镜像扫描、定期更新一个都不能少。四、实战演练16. 从零搭建生产集群完整部署清单# 1. 准备3台服务器 # 2. 安装Docker和Swarm # 3. 初始化集群 # 4. 部署NFS存储 # 5. 部署监控栈 # 6. 部署OpenClaw Stack # 7. 配置Nginx负载均衡 # 8. 配置SSL证书 # 9. 配置备份策略 # 10. 压力测试验证预计耗时4-6小时含调试17. 故障模拟与恢复常见故障场景表格故障类型模拟命令预期恢复时间单节点宕机docker stop openclaw-worker-1 30秒数据库故障docker stop openclaw-postgres 2分钟网络分区断开节点网络 1分钟磁盘满写入大文件告警触发18. 压力测试与优化使用 wrk 或 Locust 进行压测# 安装 wrk sudo apt install -y wrk # 基础压测100并发持续60秒 wrk -t4 -c100 -d60s -s scripts/wrk.lua https://openclaw.yourdomain.com/api/v1/chat # 查看结果 Requests/sec: 1200.50 Transfer/sec: 1.25 MB Latency (avg): 83ms Latency (p99): 450ms经验分享压测不是目的发现问题才是。重点关注 P99 延迟和错误率。如果 P99 延迟超过 1s说明存在瓶颈。我通常会在压测时同时观察 Grafana 面板定位是 CPU、内存、数据库还是网络的问题。五、后续规划19. 下期预告标题《OpenClaw专栏第七篇Kubernetes Operator 企业级自运维架构》预计发布时间2026年7月15日内容预告从 Docker Swarm 到 Kubernetes 的架构升级OpenClaw CRDCustom Resource Definition设计Operator 模式实现声明式管理自动扩缩容HPA KEDA多租户隔离与 RBAC生产级 Helm Chart 编写灰度发布与滚动更新策略企业级安全合规最佳实践难度等级专家级适用人群架构师、SRE、DevOps 团队负责人本篇总结表格部署阶段关键组件核心要点预计时长全栈部署Docker Compose资源限制、健康检查、密钥管理30分钟数据库PostgreSQL Redis初始化脚本、内存策略、持久化15分钟集群架构Docker Swarm节点管理、负载均衡、会话保持45分钟存储NFS/EFS共享数据、权限管理、备份策略20分钟监控Prometheus Grafana指标采集、告警规则、日志聚合30分钟运维CI/CD 备份自动化部署、恢复演练、安全加固40分钟压测wrk/Locust性能基线、瓶颈定位、优化验证30分钟总计约3.5小时最佳实践清单部署前检查服务器配置满足最低要求4C8G起步所有密钥通过环境变量注入不硬编码数据卷挂载到宿主机非容器内部网络隔离配置完成数据库不暴露公网SSL证书已获取并配置部署后验证所有容器状态为 healthy健康检查接口返回正常数据库连接正常Redis缓存读写正常负载均衡生效请求均匀分布监控面板有数据告警规则已测试日常运维每日检查备份是否成功每周审查日志排查异常每月执行一次恢复演练每季度更新镜像版本定期清理过期日志和备份参考资料Docker Compose 官方文档Docker Compose | Docker DocsDocker Swarm 模式Swarm mode | Docker DocsPrometheus 文档Overview | PrometheusGrafana 文档Technical documentation | Grafana LabsLoki 文档Grafana Loki | Grafana Loki documentationOpenClaw 官方仓库https://github.com/open-claw/open-clawNginx 负载均衡Using nginx as HTTP load balancer互动环节欢迎在评论区留言讨论你在 Docker Compose 部署中踩过哪些坑Swarm 和 K8s 你怎么选为什么你的监控告警阈值是怎么设定的备份恢复演练你多久做一次有没有更好的负载均衡方案推荐点赞 收藏 关注不错过每一篇硬核技术指南