swarm basic configuration

Keywords: Docker Nginx network sudo

  1. Prepare three virtual machines with the following network settings:

    IP address      Host name   Role
    172.18.74.26    manager     Management node
    172.18.74.29    g160402     Worker
    172.18.74.25    u180402     Worker

    Set each machine's host name as shown above and add name-resolution entries for the other two nodes to /etc/hosts.

  2. Change the Docker daemon on all nodes to listen on 0.0.0.0:2375

    • Configuration I

      #Modify the ExecStart line in the [Service] section as follows
      example@manager:~$ sudo vi /lib/systemd/system/docker.service
      ExecStart=/usr/bin/dockerd -H 0.0.0.0:2375 -H unix:///var/run/docker.sock
      example@manager:~$ sudo systemctl daemon-reload
      example@manager:~$ sudo systemctl restart docker
      
    • Configuration II

      example@u180402:~$ cat /etc/docker/daemon.json
      {
        "registry-mirrors": [
          "https://reg-mirror.qiniu.com",
          "https://hub-mirror.c.163.com",
          "https://registry.aliyuncs.com"
        ],
        "hosts" : ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
      }
      example@manager:~$ sudo vi /lib/systemd/system/docker.service
      ExecStart=/usr/bin/dockerd
      example@manager:~$ sudo systemctl daemon-reload
      example@manager:~$ sudo systemctl restart docker
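
A listener on tcp://0.0.0.0:2375 serves the Docker API in plaintext with no client authentication unless the daemon is started with tlsverify, so it is worth checking both places where the listener can be set. The following is an added example, not part of the original page: it audits the two configurations shown above plus a constructed TLS variant; the function names and certificate paths are assumptions.

```python
import ipaddress
import json
import shlex

# From this page: Configuration I (unit file) and the "hosts" entry of Configuration II.
CONFIG_I_EXECSTART = "ExecStart=/usr/bin/dockerd -H 0.0.0.0:2375 -H unix:///var/run/docker.sock"
CONFIG_II_EXECSTART = "ExecStart=/usr/bin/dockerd"
CONFIG_II_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed for comparison: TLS with client-certificate verification on port 2376.
# The certificate paths are placeholders, not values from the page.
HARDENED_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/certs/ca.pem",
    "tlscert": "/etc/docker/certs/server-cert.pem",
    "tlskey": "/etc/docker/certs/server-key.pem",
})


def parse_execstart(line):
    """Extract -H/--host values and the --tlsverify flag from an ExecStart= line."""
    argv = shlex.split(line.split("=", 1)[1])
    hosts, tlsverify = [], False
    args = iter(argv[1:])                     # skip the dockerd binary path
    for arg in args:
        if arg in ("-H", "--host"):
            hosts.append(next(args, ""))
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify


def parse_daemon_json(text):
    """Extract the "hosts" list and the "tlsverify" setting from daemon.json text."""
    cfg = json.loads(text)
    return list(cfg.get("hosts", [])), bool(cfg.get("tlsverify", False))


def exposed_tcp_listeners(hosts, tlsverify):
    """Return TCP listeners reachable from other hosts without client-certificate checks."""
    findings = []
    for host in hosts:
        if host.startswith(("unix://", "fd://", "npipe://")):
            continue                          # local socket, not a network listener
        addr = host[len("tcp://"):] if host.startswith("tcp://") else host
        ip = addr.rsplit(":", 1)[0].strip("[]") or "0.0.0.0"
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = ip == "localhost"
        if not loopback and not tlsverify:
            findings.append(host)
    return findings


def audit(execstart, daemon_json="{}"):
    """Combine both configuration sources, as dockerd does, and list exposed listeners."""
    unit_hosts, unit_tls = parse_execstart(execstart)
    json_hosts, json_tls = parse_daemon_json(daemon_json)
    return exposed_tcp_listeners(unit_hosts + json_hosts, unit_tls or json_tls)


if __name__ == "__main__":
    print("Configuration I :", audit(CONFIG_I_EXECSTART))
    print("Configuration II:", audit(CONFIG_II_EXECSTART, CONFIG_II_JSON))
    print("With tlsverify  :", audit(CONFIG_II_EXECSTART, HARDENED_JSON))
```
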
      
  3. Initialize the cluster

    • Create the manager node

      example@manager:~$ docker swarm init --advertise-addr 172.18.74.26
      Swarm initialized: current node (w78pv2cxmucv2vca3v5r069wt) is now a manager.
      
      To add a worker to this swarm, run the following command:
      
          docker swarm join --token SWMTKN-1-1fffxrlpybn1oz0qsff9ywxuz7ef1o7v6c4qqf6kwvckt6bphi-6t9lfyat23n99do5y9mpdtdkg 192.168.1.154:2377
      
      To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
      
    • After the manager node is initialized, two new networks, docker_gwbridge and ingress, are created

      example@manager:~$ docker network ls
      NETWORK ID          NAME                DRIVER              SCOPE
      6b3877ce1c6f        bridge              bridge              local
      6f5af407c445        docker_gwbridge     bridge              local
      25066e8c0d9e        host                host                local
      p5dq2m8snezx        ingress             overlay             swarm
      b512147e5000        none                null                local
      
      • bridge is the default network created by Docker and is present on every Docker host. The Docker engine automatically creates its subnet and routes, and the docker run command automatically attaches new containers to it.
      • docker_gwbridge is a swarm node communication network, created automatically on each node when it joins the swarm.
      • An overlay network spans hosts and is available only to the swarm nodes that need it for a service. When you create a service that uses an overlay network, the manager node automatically extends the network to the nodes running the service's tasks.
    • Worker nodes join the cluster

      #g160402
      example@g160402:~$  docker swarm join --token SWMTKN-1-1fffxrlpybn1oz0qsff9ywxuz7ef1o7v6c4qqf6kwvckt6bphi-6t9lfyat23n99do5y9mpdtdkg 172.18.74.26:2377
      This node joined a swarm as a worker.
      #u180402
      example@u180402:~$  docker swarm join --token SWMTKN-1-1fffxrlpybn1oz0qsff9ywxuz7ef1o7v6c4qqf6kwvckt6bphi-6t9lfyat23n99do5y9mpdtdkg 172.18.74.26:2377
      This node joined a swarm as a worker.
      
    • View node status from the manager node

      • Active: The scheduler can assign tasks to the node
      • Pause: The scheduler cannot assign new tasks to the node, but existing tasks continue to run
      • Drain: The scheduler cannot assign new tasks to the node; it stops the existing tasks and reassigns them to other Active nodes

      example@manager:~$ docker node ls
      ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
      vrfif1jr3v0gl29o8okhdlc4l     g160402             Ready               Active                                  18.06.1-ce
      w78pv2cxmucv2vca3v5r069wt *   manager             Ready               Active              Leader              18.09.5
      7jjv186tvj8hscubg6me026vq     u180402             Ready               Active                                  18.06.1-ce
      
    • Leave the cluster

      example@u180402:~$ docker swarm leave
      Node left the swarm.
      example@g160402:~$ docker swarm leave
      Node left the swarm.
      ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
      vrfif1jr3v0gl29o8okhdlc4l     g160402             Down                Active                                  18.06.1-ce
      w78pv2cxmucv2vca3v5r069wt *   manager             Ready               Active              Leader              18.09.5
      7jjv186tvj8hscubg6me026vq     u180402             Down                Active                                  18.06.1-ce
      #Force the manager node to leave the cluster
      example@manager:~$ docker swarm leave --force
      Node left the swarm.
      
  4. Run services in the cluster

    • Create an httpd service with two replicas

      example@manager:~$ docker service create --replicas 2 --name hello-swarm httpd:latest
      01voy53c0ygxb5w7ncocxwfvp
      overall progress: 2 out of 2 tasks
      1/2: running   [==================================================>]
      2/2: running   [==================================================>]
      verify: Service converged
      example@manager:~$ docker service ls
      ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
      01voy53c0ygx        hello-swarm         replicated          2/2                 httpd:latest
      example@manager:~$ docker service ps hello-swarm
      ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS
      qw0rfrbhgk5v        hello-swarm.1       httpd:latest        manager             Running             Running about a minute ago
      byhnp23chffg        hello-swarm.2       httpd:latest        g160402             Running             Running about a minute ago
      example@g160402:~$ docker ps
      CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
      f9f928c906e4        httpd:latest        "httpd-foreground"   2 minutes ago       Up 2 minutes        80/tcp              hello-swarm.2.byhnp23chffg59hbnpdndgp69
      
    • Update the service configuration

      • Add a port mapping
      example@manager:~$ docker service update --publish-add 8080:80 hello-swarm
      hello-swarm
      overall progress: 2 out of 2 tasks
      1/2: running   [==================================================>]
      2/2: running   [==================================================>]
      verify: Service converged
      example@g160402:~$ docker ps
      CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
      8ed735b92841        httpd:latest        "httpd-foreground"   13 seconds ago      Up 11 seconds       80/tcp              hello-swarm.2.0v51ok3f424iaziisc51tfq00
      

      At this point, browsing to port 8080 on any node shows httpd's "It works" page.

    • Scale the service

      enee@manager:~$ docker service scale hello-swarm=4
      hello-swarm scaled to 4
      overall progress: 4 out of 4 tasks
      1/4: running   [==================================================>]
      2/4: running   [==================================================>]
      3/4: running   [==================================================>]
      4/4: running   [==================================================>]
      enee@manager:~$ docker service ps hello-swarm
      ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
      3o6rzluek155        hello-swarm.1       httpd:latest        u180402             Running             Running 5 minutes ago
      qw0rfrbhgk5v         \_ hello-swarm.1   httpd:latest        manager             Shutdown            Shutdown 6 minutes ago
      0v51ok3f424i        hello-swarm.2       httpd:latest        g160402             Running             Running 6 minutes ago
      byhnp23chffg         \_ hello-swarm.2   httpd:latest        g160402             Shutdown            Shutdown 6 minutes ago
      faitccodd7vq        hello-swarm.3       httpd:latest        manager             Running             Running 27 seconds ago
      biqpebevezkj        hello-swarm.4       httpd:latest        manager             Running             Running 26 seconds ago
      

      At this point, the manager node runs two httpd tasks, and u180402 and g160402 run one each.

    • Add a directory mapping (bind mount) to the service. When the page is refreshed repeatedly, requests are distributed randomly across the running containers.

      example@manager:~$ docker service update --mount-add type=bind,source=/home/example/temp/,destination=/usr/local/apache2/htdocs/ hello-swarm
      hello-swarm
      overall progress: 2 out of 2 tasks
      1/2: running   [==================================================>]
      2/2: running   [==================================================>]
      verify: Service converged
      
    • Restart the service without changing any configuration

      example@g160402:~$ docker service update --force hello-swarm
      hello-swarm
      overall progress: 2 out of 2 tasks
      1/2: running   [==================================================>]
      2/2: running   [==================================================>]
      verify: Service converged
      example@g160402:~$ docker service ps hello-swarm
      ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE            ERROR                         PORTS
      x0j4ow0jozso        hello-swarm.1       httpd:latest        g160402             Running             Running 2 minutes ago
      b8g0xoo53w4a         \_ hello-swarm.1   httpd:latest        g160402             Shutdown            Shutdown 2 minutes ago
      q8l75pkn9r3x        hello-swarm.2       httpd:latest        g160402             Running             Running 2 minutes ago
      q28kvehhdcun         \_ hello-swarm.2   httpd:latest        g160402             Shutdown            Shutdown 2 minutes ago
      6nvq8ntrfs04         \_ hello-swarm.2   httpd:latest        g160402             Shutdown            Failed 20 minutes ago    "task: non-zero exit (137)"
      example@g160402:~$ docker ps
      CONTAINER ID        IMAGE               COMMAND              CREATED              STATUS              PORTS               NAMES
      36fd1a6c3b28        httpd:latest        "httpd-foreground"   About a minute ago   Up About a minute   80/tcp              hello-swarm.1.x0j4ow0jozsomdxnnw5vkcv6s
      6c4501017beb        httpd:latest        "httpd-foreground"   About a minute ago   Up About a minute   80/tcp              hello-swarm.2.q8l75pkn9r3xy33g28llgzui5
      
    • Delete service

      example@manager:~$ docker service rm hello-swarm
      hello-swarm
      
  5. Run a service on a specified node

    • Add labels to each node

      • Add and remove labels from the command line

        example@manager:~$ docker node update --label-add role=manager manager
        manager
        example@manager:~$ docker node update --label-add role=worker1 g160402
        g160402
        example@manager:~$ docker node update --label-add role=worker2 u180402
        example@manager:~$ docker node inspect g160402
        ......
                "Spec": {
                    "Labels": {
                        "role": "worker1"
                    },
        ......
        
        #Remove a node label
        example@manager:~$ docker node update --label-rm role g160402
        g160402
        
      • Add labels to the Docker daemon

        example@manager:~$ sudo vi /lib/systemd/system/docker.service
        ExecStart=/usr/bin/dockerd -H 0.0.0.0:2375 -H unix:///var/run/docker.sock --label hostname=manage
        
    • Constrain the service to the labelled node

      example@manager:~$ docker service create --replicas 2 --constraint 'node.labels.role == worker1' --name hello-swarm httpd:latest
      rfz6aocpi9bh4foq4wzw1bl3x
      overall progress: 2 out of 2 tasks
      1/2: running   [==================================================>]
      2/2: running   [==================================================>]
      verify: Service converged
      example@g160402:~$ docker ps
      CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
      b098a29fc83b        httpd:latest        "httpd-foreground"   7 seconds ago       Up 6 seconds        80/tcp              hello-swarm.1.b8g0xoo53w4adyvf9mdl1hozd
      d2cfd7a650c3        httpd:latest        "httpd-foreground"   7 seconds ago       Up 6 seconds        80/tcp              hello-swarm.2.6nvq8ntrfs04i1mx0wiy5f92h
      
  6. When a container exits abnormally or is deleted, the manager node starts a replacement task and records the failure.

    example@manager:~$ docker service ps hello-swarm
    ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE           ERROR               PORTS
    b8g0xoo53w4a        hello-swarm.1       httpd:latest        g160402             Running             Running 4 minutes ago
    6nvq8ntrfs04        hello-swarm.2       httpd:latest        g160402             Running             Running 4 minutes ago
    example@g160402:~$ docker ps
    CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
    b098a29fc83b        httpd:latest        "httpd-foreground"   3 minutes ago       Up 3 minutes        80/tcp              hello-swarm.1.b8g0xoo53w4adyvf9mdl1hozd
    d2cfd7a650c3        httpd:latest        "httpd-foreground"   3 minutes ago       Up 3 minutes        80/tcp              hello-swarm.2.6nvq8ntrfs04i1mx0wiy5f92h
    example@g160402:~$ docker rm -f d2cfd7a650c3
    d2cfd7a650c3
    example@g160402:~$ docker ps
    CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
    b098a29fc83b        httpd:latest        "httpd-foreground"   4 minutes ago       Up 4 minutes        80/tcp              hello-swarm.1.b8g0xoo53w4adyvf9mdl1hozd
    example@manager:~$ docker service ps hello-swarm
    ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE           ERROR                         PORTS
    b8g0xoo53w4a        hello-swarm.1       httpd:latest        g160402             Running             Running 5 minutes ago
    q28kvehhdcun        hello-swarm.2       httpd:latest        g160402             Running             Running 7 seconds ago
    6nvq8ntrfs04         \_ hello-swarm.2   httpd:latest        g160402             Shutdown            Failed 13 seconds ago   "task: non-zero exit (137)"
    example@g160402:~$ docker ps
    CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
    d35b717ddc46        httpd:latest        "httpd-foreground"   19 seconds ago      Up 14 seconds       80/tcp              hello-swarm.2.q28kvehhdcunpi3h5e4a12679
    b098a29fc83b        httpd:latest        "httpd-foreground"   5 minutes ago       Up 5 minutes        80/tcp              hello-swarm.1.b8g0xoo53w4adyvf9mdl1hozd
    
  7. Node promotion and demotion

    • Meaning of the "MANAGER STATUS" column:

      • Leader: The primary manager node, which makes all management and orchestration decisions for the swarm
      • Reachable: A manager node that is eligible to be elected as the new Leader if the Leader node becomes unavailable
      • Unavailable: The node has no connection to the other manager nodes. In this case, add a new manager node to the cluster or promote a worker node to manager.
    • Promote the g160402 node so that it can run manager commands; its "MANAGER STATUS" becomes "Reachable"

      example@manager:~$ docker node promote g160402 u180402
      Node g160402 promoted to a manager in the swarm.
      Node u180402 promoted to a manager in the swarm.
      example@g160402:~$ docker node ls
      ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
      kl6siwciwca88y6sp8mhku38p *   g160402             Ready               Active              Reachable           18.06.1-ce
      uyoiijq9vtdi9f6tvkr4wuqh9     manager             Ready               Active              Leader              18.09.5
      ffm3ttsc31l4tiwa4lyu7vol4     u180402             Ready               Active                                  18.06.1-ce
      example@g160402:~$ docker node ls
      ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
      kl6siwciwca88y6sp8mhku38p *   g160402             Ready               Active              Leader              18.06.1-ce
      uyoiijq9vtdi9f6tvkr4wuqh9     manager             Unknown             Active              Unreachable         18.09.5
      ffm3ttsc31l4tiwa4lyu7vol4     u180402             Ready               Active              Reachable           18.06.1-ce
      
    • Demote a node

      example@manager:~$ docker node demote g160402
      Manager g160402 demoted in the swarm.
      example@manager:~$ docker node ls
      ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
      kl6siwciwca88y6sp8mhku38p     g160402             Ready               Active                                  18.06.1-ce
      uyoiijq9vtdi9f6tvkr4wuqh9 *   manager             Ready               Active              Leader              18.09.5
      ffm3ttsc31l4tiwa4lyu7vol4     u180402             Ready               Active                                  18.06.1-ce
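
Swarm managers keep cluster state with Raft, so the swarm can only be managed while a majority of its managers are reachable; the statuses above are what you read to judge that. The following is an added example, not part of the original page, and it goes beyond the text by applying the majority rule to two of the `docker node ls` tables shown above; the function names are assumptions.

```python
import re

# `docker node ls` output copied from this page: seen from g160402 after the
# original leader ("manager") became unreachable.
NODE_LS_LEADER_LOST = """\
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
kl6siwciwca88y6sp8mhku38p *   g160402             Ready               Active              Leader              18.06.1-ce
uyoiijq9vtdi9f6tvkr4wuqh9     manager             Unknown             Active              Unreachable         18.09.5
ffm3ttsc31l4tiwa4lyu7vol4     u180402             Ready               Active              Reachable           18.06.1-ce
"""

# Copied from this page: the table printed after `docker node demote g160402`.
NODE_LS_AFTER_DEMOTE = """\
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
kl6siwciwca88y6sp8mhku38p     g160402             Ready               Active                                  18.06.1-ce
uyoiijq9vtdi9f6tvkr4wuqh9 *   manager             Ready               Active              Leader              18.09.5
ffm3ttsc31l4tiwa4lyu7vol4     u180402             Ready               Active                                  18.06.1-ce
"""


def parse_node_ls(text):
    """Return one dict per node; manager_status is None for workers."""
    nodes = []
    for line in text.strip().splitlines()[1:]:           # skip the header row
        # Columns are separated by runs of 2+ spaces; a worker's empty
        # MANAGER STATUS column therefore yields 5 fields instead of 6.
        fields = re.split(r"\s{2,}", line.strip())
        nodes.append({
            "id": fields[0].rstrip(" *"),                 # "*" marks the node you are on
            "hostname": fields[1],
            "status": fields[2],
            "availability": fields[3],
            "manager_status": fields[4] if len(fields) == 6 else None,
        })
    return nodes


def quorum_report(nodes):
    """Summarise manager quorum: a majority of managers must be reachable."""
    managers = [n for n in nodes if n["manager_status"]]
    reachable = [n for n in managers
                 if n["manager_status"] in ("Leader", "Reachable")]
    needed = len(managers) // 2 + 1                       # Raft majority
    return {
        "managers": len(managers),
        "reachable": len(reachable),
        "quorum": needed,
        "has_quorum": len(reachable) >= needed,
        "further_losses_tolerated": max(len(reachable) - needed, 0),
        "unreachable": [n["hostname"] for n in managers if n not in reachable],
    }


if __name__ == "__main__":
    for name, table in (("leader lost", NODE_LS_LEADER_LOST),
                        ("after demote", NODE_LS_AFTER_DEMOTE)):
        print(name, quorum_report(parse_node_ls(table)))
```

In the first table the swarm still has quorum (2 of 3 managers) but cannot lose another manager; after the demotion there is a single manager and no redundancy at all.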
      
  8. Docker stack

    • Subcommands

      Command     Description
      deploy      Create or update a stack
      ls          List existing stacks
      ps          List tasks on the stack
      rm          Delete one or more stacks
      services    List the services in the stack

    • Start a service

      example@manager:/data/@stack/giot$ pwd
      /data/@stack/giot
      example@manager:/data/@stack/giot$ ls
      docker-compose.yml
      #Create a custom network
      example@manager:~/docker$ docker network create --driver overlay giot_network
      7sfjbimchcmhh1336v075y4d9
      example@manager:/data/@stack/giot$ cat docker-compose.yml
      version: "3"
      services:
        nginx:
          image: nginx:1.15.8-alpine
          deploy:
            replicas: 2
            resources:
              limits:
                cpus: "0.1"
                memory: 50M
            placement:
              constraints:
                - node.labels.role == worker1
            restart_policy:
              condition: on-failure
          ports:
          - 80:80/tcp
          volumes:
          - /data/containers/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
          - /data/containers/nginx/etc/nginx/conf.d:/etc/nginx/conf.d
          - /dev/log:/dev/log
          - /var/log/nginx:/var/log/nginx
          - /data:/data
          - /etc/localtime:/etc/localtime:ro
          networks:
            - giot_network
      networks:
        giot_network:
          external: true
      example@manager:/data/@stack/giot$ docker stack deploy -c docker-compose.yml giot
      Creating network giot_default
      Creating service giot_nginx
      example@g160402:/data/containers/nginx$ docker ps
      CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS               NAMES
      b7b8f7d57a24        nginx:1.15.8-alpine   "nginx -g 'daemon of..."   9 seconds ago       Up 7 seconds        80/tcp              test_nginx.1.x9262cydwiwr6au792z3m39xg
      be5b8aae70ee        nginx:1.15.8-alpine   "nginx -g 'daemon of..."   9 seconds ago       Up 7 seconds        80/tcp              test_nginx.2.uf5s1xi537h6k6qkea5wunu3m
      

Appendix 1: docker service parameter list

Short  Flag                           Type             Default     Description
       --config                       config                       Configurations assigned to the service
       --constraint                   list                         Placement constraints
       --container-label              list                         Container labels
       --credential-spec              credential-spec              Credential spec for managed service accounts (Windows only)
-d     --detach                                                    Exit immediately instead of waiting for the service to converge
       --dns                          list                         Set custom DNS servers
       --dns-option                   list                         Set DNS options
       --dns-search                   list                         Set custom DNS search domains
       --endpoint-mode                string           vip         Endpoint mode (vip or dnsrr)
       --entrypoint                   command                      Override the image's default ENTRYPOINT
-e     --env                          list                         Set environment variables
       --env-file                     list                         Read environment variables from a file
       --generic-resource             list                         User-defined resources
       --group                        list                         Set one or more additional user groups for the container
       --health-cmd                   string                       Command to run to check health
       --health-interval              duration                     Time between health checks (ms/s/m/h)
       --health-retries               int                          Consecutive failures needed to report unhealthy
       --health-start-period          duration                     Start period for the container to initialize before failures count toward unhealthy (ms/s/m/h)
       --health-timeout               duration                     Maximum time allowed for one check (ms/s/m/h)
       --host                         list                         Set one or more host-to-IP mappings (host:ip)
       --hostname                     string                       Container host name
       --isolation                    string                       Service container isolation mode
-l     --label                        list                         Service labels
       --limit-cpu                    decimal                      Limit CPUs
       --limit-memory                 bytes                        Limit memory
       --log-driver                   string                       Logging driver for the service
       --log-opt                      list                         Logging driver options
       --mode                         string           replicated  Service mode (replicated or global)
       --mount                        mount                        Mount a file system into the service
       --name                         string                       Service name
       --network                      network                      Service network
       --no-healthcheck                                            Disable any health checks specified in the container
       --no-resolve-image                                          Do not query the registry to resolve the image digest and supported platforms
       --placement-pref               pref                         Add a placement preference
-p     --publish                      port                         Publish a port as a node port
-q     --quiet                                                     Suppress progress output
       --read-only                                                 Mount the container's root file system as read-only
       --replicas                     uint             1           Number of tasks (i.e. number of container replicas)
       --reserve-cpu                  decimal                      Reserve CPUs
       --reserve-memory               bytes                        Reserve memory
       --restart-condition            string           any         Restart condition ("none", "on-failure", "any")
       --restart-delay                duration         5s          Restart delay (ns/us/ms/s/m/h)
       --restart-max-attempts         uint                         Maximum number of restarts before giving up
       --restart-window               duration                     Window used to evaluate the restart policy (ns/us/ms/s/m/h)
       --rollback-delay               duration         0s          Delay between task rollbacks (ns/us/ms/s/m/h)
       --rollback-failure-action      string           pause       Action on rollback failure ("pause", "continue")
       --rollback-max-failure-ratio   float            0           Failure rate tolerated during a rollback
       --rollback-monitor             duration         5s          Duration after each task rollback to monitor for failure (ns/us/ms/s/m/h)
       --rollback-order               string           stop-first  Rollback order ("start-first", "stop-first")
       --rollback-parallelism         uint             1           Maximum number of tasks rolled back at the same time (0 means roll back all at once)
       --secret                       secret                       Secrets assigned to the service
       --stop-grace-period            duration         10s         Time to wait before stopping a container (ns/us/ms/s/m/h)
       --stop-signal                  string                       Signal used to stop the container
-t     --tty                                                       Allocate a pseudo-TTY
       --update-delay                 duration         0s          Delay between updates (ns/us/ms/s/m/h)
       --update-failure-action        string           pause       Action on update failure ("pause", "continue", "rollback")
       --update-max-failure-ratio     float            0           Failure rate tolerated during an update
       --update-monitor               duration         5s          Duration after each task update to monitor for failure (ns/us/ms/s/m/h)
       --update-order                 string           stop-first  Update order ("start-first", "stop-first")
       --update-parallelism           uint             1           Maximum number of tasks updated at the same time (0 means update all at once)
-u     --user                         string                       Username or UID (format: <name|uid>[:<group|gid>])
       --with-registry-auth                                        Send registry authentication details to swarm agents
-w     --workdir                      string                       Working directory inside the container

Posted by ltoto on Mon, 05 Aug 2019 23:37:44 -0700