Docker Swarm cluster environment construction and flexible service deployment

Cluster construction

  

Environment preparation

  

 

 

 

  • Five CentOS machines with Docker installed; the CentOS version is 7.8.2003
  • Docker Engine 1.12+ (minimum requirement 1.12, this article uses 19.03.12)
  • Open the following ports in the firewall, or turn the firewall off:
    • TCP port 2377, used for cluster management communication;
    • TCP and UDP port 7946, used for communication between nodes;
    • UDP port 4789, used for overlay network.
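One way to open only these ports, and only to the other cluster nodes, instead of turning the firewall off. This is an added example, not part of the original article; it assumes firewalld (the CentOS 7 default) and the node addresses from this article's machine table, and the helper name swarm_firewall_rules is hypothetical.

```shell
#!/bin/sh
# Added example: print firewalld rich rules that admit Swarm traffic only
# from the listed cluster peers. Nothing is applied; review the output,
# then run it as root on the node.

# Node addresses from the article's machine table.
PEERS='192.168.10.101 192.168.10.102 192.168.10.103 192.168.10.10 192.168.10.11'

# swarm_firewall_rules ROLE PEER...   (hypothetical helper name)
#   ROLE is "manager" or "worker". TCP 2377 is the cluster management port
#   served by managers, so a worker does not need to accept it.
swarm_firewall_rules() {
  role=$1
  shift
  case $role in
    manager|worker) ;;
    *) echo "role must be manager or worker" >&2; return 2 ;;
  esac
  for peer in "$@"; do
    for pp in 2377/tcp 7946/tcp 7946/udp 4789/udp; do
      if [ "$role" = worker ] && [ "$pp" = 2377/tcp ]; then
        continue
      fi
      printf 'firewall-cmd --permanent --add-rich-rule='
      printf "'rule family=\"ipv4\" source address=\"%s\" " "$peer"
      printf "port port=\"%s\" protocol=\"%s\" accept'\n" "${pp%/*}" "${pp#*/}"
    done
  done
  echo 'firewall-cmd --reload'
}

# Rules for a manager node: 5 peers x 4 port/protocol pairs, then the reload.
# Word splitting of $PEERS is intended here.
swarm_firewall_rules manager $PEERS
```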

  

Machine distribution

  

Role      IP               HOSTNAME   Docker version
Manager   192.168.10.101   manager1   19.03.12
Manager   192.168.10.102   manager2   19.03.12
Manager   192.168.10.103   manager3   19.03.12
Worker    192.168.10.10    worker1    19.03.12
Worker    192.168.10.11    worker2    19.03.12
  • You can run hostname <host name> to change the machine's host name (takes effect immediately, lost after a restart);
  • Or run hostnamectl set-hostname <host name> to change the machine's host name (takes effect immediately and also persists after a restart);
  • Or edit the hosts file with vi /etc/hosts, as shown below, adding the host name to the 127.0.0.1 line (takes effect after a restart).
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 manager1
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

  

Create a cluster

  

  On any node, run the docker swarm init command to create a new Swarm cluster and join it; that node becomes a Manager node by default. Following the roles defined above, run this command on any one of the machines 101 to 103.

  Usually, the first management node to join the cluster becomes the Leader, and all management nodes that join later are Reachable. If the current Leader dies, the Reachable nodes elect a new Leader.

[root@localhost ~]# docker swarm init --advertise-addr 192.168.10.101
Swarm initialized: current node (clumstpieg0qzzxt1caeazg8g) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-5ob7jlej85qsygxubqypjuftiwruvew8e2cr4u3iuo4thxyrhg-3hbf2u3i1iagurdprl3n3yra1 192.168.10.101:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

 

 

 

  

Join the cluster

  

  The built-in cluster mode in Docker comes with a public key infrastructure (PKI) system, which makes it easy to deploy containers securely. The nodes in the cluster use Transport Layer Security (TLS) to authenticate, authorize, and encrypt communications with other nodes in the cluster.

  By default, when a new Swarm cluster is created with the docker swarm init command, the Manager node generates a new root certificate authority (CA) and a key pair, which are used to secure communications with the other nodes that join the cluster.

  The Manager node will generate two tokens for other nodes to use when joining the cluster: a Worker token and a Manager token. Each token includes a digest of the root CA certificate and a randomly generated key. When a node joins the cluster, the joining node uses the digest to verify the root CA certificate from the remote management node. The remote management node uses the key to ensure that the joining node is an approved node.
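The token layout described above, taken apart in shell, with a filter that keeps the secret part out of logs. This is an added example, not part of the original article: the worker token is the one printed by docker swarm init earlier on this page, the manager token is constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: take a Swarm join token apart and keep its secret out of logs.

# Worker token printed by `docker swarm init` earlier in this article.
WORKER_TOKEN='SWMTKN-1-5ob7jlej85qsygxubqypjuftiwruvew8e2cr4u3iuo4thxyrhg-3hbf2u3i1iagurdprl3n3yra1'
# Constructed manager token for the same cluster: same CA digest, other secret.
MANAGER_TOKEN='SWMTKN-1-5ob7jlej85qsygxubqypjuftiwruvew8e2cr4u3iuo4thxyrhg-0constructedsecretvalue00'

# token_field TOKEN version|digest|secret   (hypothetical helper name)
# Layout: SWMTKN-<version>-<digest of root CA certificate>-<secret>
token_field() {
  case $1 in SWMTKN-*-*-*) ;; *) return 1 ;; esac
  rest=${1#SWMTKN-}; version=${rest%%-*}
  rest=${rest#*-};   digest=${rest%%-*}
  secret=${rest#*-}
  for part in "$version" "$digest" "$secret"; do
    case $part in ''|*[!0-9a-z]*) return 1 ;; esac
  done
  case $2 in
    version) echo "$version" ;;
    digest)  echo "$digest" ;;
    secret)  echo "$secret" ;;
    *) return 1 ;;
  esac
}

# True when two tokens pin the same root CA, i.e. belong to the same cluster.
same_root_ca() {
  a=$(token_field "$1" digest) && b=$(token_field "$2" digest) && [ "$a" = "$b" ]
}

# Filter for logs, tickets and shell transcripts: keeps the CA digest, which
# only identifies the cluster, and blanks the secret that authorizes a join.
scrub_tokens() {
  sed -E 's/(SWMTKN-[0-9]+-[0-9a-z]+-)[0-9a-z]+/\1[redacted]/g'
}

# The join command from the article, as it would appear in a captured session.
echo "docker swarm join --token $WORKER_TOKEN 192.168.10.101:2377" | scrub_tokens
```

If a token has already been exposed, docker swarm join-token --rotate worker (or manager) issues a new secret and invalidates the old token.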

  

 

 

 

  

Manager

  

  To add a Manager node to the cluster, run the docker swarm join-token manager command on a management node to view the manager token information.

docker swarm join-token manager

 

 

 

 

 

 

  

  Then run docker swarm join with the token parameter on the other nodes to join the Swarm cluster; these nodes take the Manager role.

 

 

 

 

 

 

  

Worker

  

  From the output returned when the cluster was created, you can see that a Worker node is added to this cluster by running the command in the figure below. Alternatively, run the docker swarm join-token worker command on a management node to view the worker token information.

 

 

 

  

  Then run docker swarm join with the token parameter on the other nodes to join the Swarm cluster; these nodes take the Worker role.

 

 

 

 

 

 

  

View cluster information

  

  Run docker info on any Manager node to view the current cluster information.

 

 

 

  

View cluster nodes

  

  Run docker node ls on any Manager node to view the node information of the current cluster.

docker node ls

 

 

 

The * marks the current node. The current environment consists of 3 management nodes (1 master and 2 slaves) and 2 working nodes.

  Node MANAGER STATUS: indicates whether the node is a Manager or a Worker; no value means the node is a Worker.

  • Leader: This node is the master node in the management node, responsible for cluster management and orchestration decisions of the cluster;
  • Reachable: The node is a slave node in the management node. If the Leader node is unavailable, the node is eligible to be selected as the new Leader;
  • Unavailable: The management node can no longer communicate with other management nodes. If the management node is unavailable, a new management node should be added to the cluster, or a working node should be upgraded to a management node.

  

  Node AVAILABILITY: Indicates whether the scheduler can assign tasks to the node.

  • Active: The scheduler can assign tasks to the node;
  • Pause: The scheduler will not assign new tasks to the node, but existing tasks can still run;
  • Drain: The scheduler will not assign new tasks to the node, and will close all existing tasks of the node and schedule them on the available nodes.

  

Delete node

  

Manager

  

  Before deleting a node, change its AVAILABILITY to Drain. This migrates the services on that node to other available nodes so that service continues normally. It is best to check the container migration and make sure this step has completed before proceeding.

docker node update --availability drain <node name|node ID>

  

  Then, downgrade the Manager node to be a Worker node.

docker node demote <node name|node ID>

  

  Then, run the following command on the node that has been demoted to Worker to leave the cluster.

docker swarm leave

  

  Finally, on a management node, delete the node that has just left.

docker node rm <node name|node ID>
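The manager removal steps above, combined with the MANAGER STATUS values from the node list, as an added example that is not part of the original article: it refuses the demotion when the remaining managers would no longer form a majority, which is what the managers need to elect a Leader. The --format fields are Docker's; the helper name manager_removal_plan and the sample node list are constructed.

```shell
#!/bin/sh
# Added example: check that demoting a manager leaves a majority of healthy
# managers, then print the removal steps from this section in order.
# Nothing is executed.

# Constructed sample of the output of
#   docker node ls --format '{{.Hostname}} {{.Status}} {{.Availability}} {{.ManagerStatus}}'
# for the five machines in this article (workers have no fourth field).
SAMPLE_NODES='manager1 Ready Active Leader
manager2 Ready Active Reachable
manager3 Ready Active Reachable
worker1 Ready Active
worker2 Ready Active'

# manager_removal_plan NODE   (hypothetical helper name; node list on stdin)
# Exit status 1 means the removal was refused; the reason goes to stderr.
manager_removal_plan() {
  awk -v t="$1" '
    NF >= 4 {
      total++
      ok = ($4 == "Leader" || $4 == "Reachable")
      healthy += ok
      if ($1 == t) { found = 1; target_ok = ok }
    }
    END {
      if (!found) { print "refuse: " t " is not a manager" > "/dev/stderr"; exit 1 }
      left   = total - 1             # managers after the demotion
      alive  = healthy - target_ok   # of those, managers that still respond
      quorum = int(left / 2) + 1     # majority of the remaining managers
      if (left < 1 || alive < quorum) {
        print "refuse: " alive " of " left " remaining managers healthy, need " quorum > "/dev/stderr"
        exit 1
      }
      print "docker node update --availability drain " t
      print "docker node demote " t
      print "docker swarm leave    # run on " t " itself"
      print "docker node rm " t
      print "# managers left: " left ", manager failures tolerated: " int((left - 1) / 2)
    }'
}

printf '%s\n' "$SAMPLE_NODES" | manager_removal_plan manager3
```

With the article's three managers the plan is allowed, but its last line shows that the two managers left can no longer tolerate a single manager failure.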

  

Worker

  

  Before deleting a node, change its AVAILABILITY to Drain. This migrates the services on that node to other available nodes so that service continues normally. It is best to check the container migration and make sure this step has completed before proceeding.

docker node update --availability drain <node name|node ID>

  

  Then, run the following command on the Worker node to be deleted to leave the cluster.

docker swarm leave

  

  Finally, on a management node, delete the node that has just left.

docker node rm <node name|node ID>

  

Service deployment

  

Note: Any operations related to cluster management are performed on the Manager node.

  

Create service

  

  In the following example, a service named mynginx is created from the nginx image, and the service will be randomly assigned to a worker node to run.

docker service create --replicas 1 --name mynginx -p 80:80 nginx

 

 

 

  • docker service create: Create a service;
  • --replicas: Specify how many instances of the service to run;
  • --name: The service name.

  

View service

  

  Use docker service ls to view the running services.

[root@manager1 ~]# docker service ls
ID                NAME           MODE              REPLICAS        IMAGE              PORTS
hepx06k5ik5n      mynginx        replicated        1/1             nginx:latest       *:80->80/tcp

  

  Use docker service inspect <service name|service ID> to view the details of the service.

[root@manager1 ~]# docker service inspect mynginx
[
    {
        "ID": "k0dbjg1zzy3l3g71kdwa56ect",
        "Version": {
            "Index": 127
        },
        "CreatedAt": "2020-09-16T10:05:55.627974095Z",
        "UpdatedAt": "2020-09-16T10:05:55.629507771Z",
        "Spec": {
            "Name": "mynginx",
            "Labels": {},
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "nginx:latest@sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0",
                    "Init": false,
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Isolation": "default"
                },
                "Resources": {
                    "Limits": {},
                    "Reservations": {}
                },
                "RestartPolicy": {
                    "Condition": "any",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {
                    "Platforms": [
                        {
                            "Architecture": "amd64",
                            "OS": "linux"
                        },
                        {
                            "OS": "linux"
                        },
                        {
                            "OS": "linux"
                        },
                        {
                            "Architecture": "arm64",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "386",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "mips64le",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "ppc64le",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "s390x",
                            "OS": "linux"
                        }
                    ]
                },
                "ForceUpdate": 0,
                "Runtime": "container"
            },
            "Mode": {
                "Replicated": {
                    "Replicas": 1
                }
            },
            "UpdateConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "RollbackConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "EndpointSpec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 80,
                        "PublishedPort": 80,
                        "PublishMode": "ingress"
                    }
                ]
            }
        },
        "Endpoint": {
            "Spec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 80,
                        "PublishedPort": 80,
                        "PublishMode": "ingress"
                    }
                ]
            },
            "Ports": [
                {
                    "Protocol": "tcp",
                    "TargetPort": 80,
                    "PublishedPort": 80,
                    "PublishMode": "ingress"
                }
            ],
            "VirtualIPs": [
                {
                    "NetworkID": "st2xiy7pjzap093wz4w4u6nbs",
                    "Addr": "10.0.0.15/24"
                }
            ]
        }
    }
]

  

  Use docker service ps <service name|service ID> to view which nodes the service is running on.

 

 

 

  On the node that runs the task, docker ps shows the container that corresponds to the service.

 

 

 

  

Call service

  

  Next, we test whether the service can be accessed normally; the service must be reachable through the IP address of any node in the cluster.

  Test result: All 5 machines can access the service normally.

 

 

 

  

Flexible service

  

  After the service is deployed to the cluster, the number of containers in the service can be flexibly expanded and contracted through commands. The container running in the service is called a task.

  docker service scale <service name|service ID>=n scales the number of tasks the service runs to n.

  docker service update --replicas n <service name|service ID> achieves the same scale-up or scale-down effect.

  Expand the tasks run by mynginx service to 5:

[root@manager1 ~]# docker service scale mynginx=5
mynginx scaled to 5
overall progress: 5 out of 5 tasks 
1/5: running   [==================================================>] 
2/5: running   [==================================================>] 
3/5: running   [==================================================>] 
4/5: running   [==================================================>] 
5/5: running   [==================================================>] 
verify: Service converged

  Use docker service ps <service name|service ID> to view which nodes the service is running on.

 

 

 

  

  Next, let's scale the service back down; the command is as follows:

[root@manager1 ~]# docker service update --replicas 3 mynginx
mynginx
overall progress: 3 out of 3 tasks 
1/3: running   [==================================================>] 
2/3: running   [==================================================>] 
3/3: running   [==================================================>] 
verify: Service converged

  Use docker service ps <service name|service ID> to view which nodes the service is running on.

 

 

 

  In Swarm cluster mode, a truly elastic service is achieved. Dynamic expansion and contraction take a single command, which is simple, convenient and powerful.

  

Delete service

  

  Use docker service rm <service name|service ID> to remove the service.

[root@manager1 ~]# docker service rm mynginx
mynginx
[root@manager1 ~]# docker service ls
ID                NAME              MODE              REPLICAS          IMAGE             PORTS

  

Rolling update and rollback

  

  The following case demonstrates how to upgrade Redis to a higher version and then roll back to the state of the last operation.

  First, create a Redis service with 5 replicas, version 5. The detailed commands are as follows:

# Create 5 replicas; update 2 at a time with a 10s interval; continue if up to 20% of tasks fail, roll back above 20%; roll back 2 at a time
docker service create --replicas 5 --name redis \
--update-delay 10s \
--update-parallelism 2 \
--update-failure-action continue \
--rollback-monitor 20s \
--rollback-parallelism 2 \
--rollback-max-failure-ratio 0.2 \
redis:5
  • --update-delay: Define the time interval of rolling update;
  • --update-parallelism: Define the number of copies updated in parallel, the default is 1;
  • --update-failure-action: Define the actions performed after the container fails to start;
  • --rollback-monitor: Define the monitoring time for rollback;
  • --rollback-parallelism: Define the number of copies to be rolled back in parallel;
  • --rollback-max-failure-ratio: The task failure ratio for rollback; the rollback operation is performed when failures exceed this ratio (0.2 means 20%).

  

  Then implement the rolling update of the service through the following commands.

docker service update --image redis:6 redis

 

 

 

  

  A rollback can only return the service to the state of the last operation; it cannot roll back step by step to a specified earlier operation.

docker service update --rollback redis

 

 

 

  

Common commands

  

docker swarm

  

command                           Description
docker swarm init                 Initialize the cluster
docker swarm join-token worker    View the token of the worker node
docker swarm join-token manager   View the token of the management node
docker swarm join                 Join the cluster

  

docker node

  

command                                   Description
docker node ls                            View all nodes in the cluster
docker node ps                            View all tasks of the current node
docker node rm <node name|node ID>        Delete node (-f forces deletion)
docker node inspect <node name|node ID>   View node details
docker node demote <node name|node ID>    Node downgrade, from management node to working node
docker node promote <node name|node ID>   Node upgrade, from working node to management node
docker node update <node name|node ID>    Update node

  

docker service

  

command                                            Description
docker service create                              Create service
docker service ls                                  View all services
docker service inspect <service name|service ID>   View service details
docker service logs <service name|service ID>      View service log
docker service rm <service name|service ID>        Delete service (-f forces deletion)
docker service scale <service name|service ID>=n   Set the number of services
docker service update <service name|service ID>    Update service


Author: hello Mr. Ward
link: https://juejin.im/post/6873687528726085640
 


Origin blog.csdn.net/qq_46388795/article/details/108664364