Docker swarm structures (2)

What is Docker Swarm?

Before Docker 1.12, Swarm was a separate project. With the Docker 1.12 release it was merged into Docker and became a Docker subcommand. Swarm is currently the only cluster management tool with native Docker support provided by the Docker community. It turns a system made up of multiple Docker hosts into a single virtual Docker host, so that containers can form a network that spans subnets and hosts.

Docker Swarm is an orchestration tool that gives IT operations teams clustering and scheduling capabilities. Users can pool all the Docker Engines in a cluster into a single "virtual Engine" resource pool and run commands against a single Swarm master, instead of communicating with each Docker Engine separately. With flexible scheduling strategies, IT teams can better manage the available host resources and keep application containers running efficiently.

[Figure: basic Swarm architecture]

Advantages of Docker Swarm

High performance at any scale: for enterprise-class Docker Engine clustering and container scheduling, scalability is key. Companies of any size, whether they have five servers or thousands, can use Swarm effectively in their environment. In testing, Swarm's scalability limit was 50,000 containers deployed on 1,000 nodes, with each container starting in under a second and no loss of performance.

Flexible container scheduling

Swarm helps IT operations teams optimize performance and resource utilization under constrained conditions. Swarm's built-in scheduler supports multiple filters, including node labels and affinity, and several container placement strategies such as binpack, spread and random.

Continuous service availability

Docker Swarm provides high availability through the Swarm Manager: you create multiple Swarm master nodes and define a failover strategy for when the primary master goes down. If a master node goes down, a slave node is promoted to master until the original master returns to normal. In addition, if a node cannot join the cluster, Swarm keeps retrying the join and provides alerts and error logs. When a node fails, Swarm can now attempt to reschedule its containers onto healthy nodes.

Docker API compatibility and integration support

Swarm fully supports the Docker API, which means it gives users of the various Docker tools (such as Docker CLI, Compose, Trusted Registry, Hub and UCP) a seamless experience.

Docker Swarm provides native support for core Docker application features (such as multi-host networking and storage volume management).

A Compose file you have developed can easily be deployed to a test server or a Swarm cluster (with docker-compose up). Docker Swarm can also pull and run images from Docker Trusted Registry or Hub.

I. Experimental environment

Hostname    IP address      Services
docker01    192.168.1.11    swarm+service+webUI+registry
docker02    192.168.1.13    docker
docker03    192.168.1.20    docker

On all three hosts: turn off the firewall, disable SELinux, set the hostname, synchronize the time, and add DNS entries.

The Docker version must be v1.12 or later (use docker version to check).

1. Turn off the firewall and disable SELinux

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# hostnamectl set-hostname docker03
[root@localhost ~]# su -
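
As an added example (not from the original post), the following prints firewalld rules that keep the firewall running and admit only Swarm's cluster ports (2377/tcp on the manager, 7946/tcp+udp and 4789/udp on every node) from the other two lab hosts. The function name is hypothetical, and published service ports such as 80, 8080 and 5000 are not covered.

```shell
#!/usr/bin/env bash
# Added example: print firewalld rules that admit only Swarm traffic from the
# other cluster nodes, as an alternative to `systemctl stop firewalld`.
# Node addresses are the page's lab values; the function name is hypothetical.

NODES="192.168.1.11 192.168.1.13 192.168.1.20"
MANAGER="192.168.1.11"

# swarm_firewall_rules SELF_IP -> one firewall-cmd line per rule on stdout
swarm_firewall_rules() {
    local self="$1" peer spec
    # 7946/tcp+udp: node-to-node gossip, 4789/udp: overlay (VXLAN) traffic
    local ports="7946/tcp 7946/udp 4789/udp"
    # 2377/tcp (cluster management) only has to be reachable on the manager
    [ "$self" = "$MANAGER" ] && ports="2377/tcp $ports"
    for peer in $NODES; do
        [ "$peer" = "$self" ] && continue
        for spec in $ports; do
            printf 'firewall-cmd --permanent --add-rich-rule='
            printf "'rule family=\"ipv4\" source address=\"%s\" " "$peer"
            printf "port port=\"%s\" protocol=\"%s\" accept'\n" "${spec%/*}" "${spec#*/}"
        done
    done
    echo "firewall-cmd --reload"
}

# Review the output, then run it on the node itself, for example:
#   swarm_firewall_rules 192.168.1.13 | sh
```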

2. Synchronize the time

mv /etc/localtime /etc/localtime.bk
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

3. Set the hostname (on all three hosts)

[root@localhost ~]# hostnamectl set-hostname docker01
[root@localhost ~]# su -

4. Add DNS entries

[root@docker01 ~]# echo 192.168.1.11 docker01 >> /etc/hosts
[root@docker01 ~]# echo 192.168.1.13 docker02 >> /etc/hosts
[root@docker01 ~]# echo 192.168.1.20 docker03 >> /etc/hosts

II. Initialize the cluster on docker01

[root@docker01 ~]# docker swarm init --advertise-addr 192.168.1.11

--advertise-addr: specifies the address this node uses to communicate with the other Docker nodes.

The output returned above tells us that initialization succeeded and gives the command to run if you want to add worker nodes:

[Screenshot: docker swarm init output with the command for joining as a worker]

Note: the token is only valid for 24 hours.

If you want to add a manager node, run the following command:

[Screenshot: command for adding a manager node]

III. Join docker02 and docker03 to the cluster as workers

[root@docker03 ~]# docker swarm join --token SWMTKN-1-5kxn9wloh7npnytklwbfciesr9di7uvu521gwnqm9h1n0pbokj-1e60wt0yr5583e4mzwbxnn3a8 192.168.1.11:2377

View the cluster on docker01

[root@docker01 ~]# docker node ls

[Screenshot: docker node ls output]
Note: the "*" marks the node you are currently on.

IV. Keep the manager node (docker01) from taking part in the work

[root@docker01 ~]# docker node update docker01 --availability drain

After this setting, docker01 no longer runs containers, but containers that are already running are not stopped.
The "--availability" option accepts three values:
"active": working; "pause": temporarily not working; "drain": permanently not working

[root@docker01 ~]# docker node ls

V. Deploy a graphical web UI on docker01

1. Pull the image on docker01

[root@docker01 ~]# docker pull dockersamples/visualizer

2. Start a container from the image

[root@docker01 ~]# docker run -d -p 8080:8080 -e HOST=192.168.1.100 -e PORT=8080 -v /var/run/docker.sock:/var/run/docker.sock --name visualiaer  dockersamples/visualizer

3. Verify access in a browser: http://192.168.1.11:8080/

If you cannot access the page, you need to enable routing and forwarding:

[root@docker01 ~]# echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf 
[root@docker01 ~]# sysctl -p

VI. Deploy a private registry on docker01

On docker01

docker pull registry
// Download the registry image

docker run -itd --name registry -p 5000:5000 --restart=always registry:latest
// Start a container from the registry image

vim /usr/lib/systemd/system/docker.service # modify line 13
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.11:5000

systemctl daemon-reload
systemctl restart docker.service
// Restart docker

docker tag busybox:latest 192.168.1.11:5000/busybox:v1
// Give the image a new tag

docker ps

docker push 192.168.1.11:5000/busybox:v1
// Upload the image to the private registry

docker02 and docker03 use the private registry

vim /usr/lib/systemd/system/docker.service # modify line 13
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.11:5000

systemctl daemon-reload
systemctl restart docker.service
// Restart docker

docker pull 192.168.1.11:5000/busybox:v1
// Test the download

VII. Custom images

Requirements: build images based on httpd and change the content of the page they serve. The image tags are v1, v2 and v3, and the corresponding page contents are v1,xgp666, v2,xgp666 and v3,xgp666.

[root@docker01 ~]# docker pull httpd
// Download the httpd image

Create three test directories

[root@docker01 ~]# mkdir {v1,v2,v3}
// Create the test directories

On docker01, in the v1 directory

[root@docker01 ~]# cd v1
[root@docker01 v1]# echo v1,xgp666 > index.html
// Create the test web page

[root@docker01 v1]# vim Dockerfile
// Write the Dockerfile
FROM httpd
ADD index.html /usr/local/apache2/htdocs/index.html

[root@docker01 v1]# docker build -t 192.168.1.11:5000/httpd:v1 .
// Build the image from the Dockerfile

[root@docker01 v1]# docker push 192.168.1.11:5000/httpd:v1
// Upload the newly built image to the private registry

On docker01, in the v2 directory

[root@docker01 v1]# cd ../v2
[root@docker01 v2]# echo v2,xgp666 > index.html

[root@docker01 v2]# vim Dockerfile
// Write the Dockerfile
FROM httpd
ADD index.html /usr/local/apache2/htdocs/index.html

[root@docker01 v2]# docker build -t 192.168.1.11:5000/httpd:v2 .
// Build the image from the Dockerfile

[root@docker01 v2]# docker push 192.168.1.11:5000/httpd:v2
// Upload the newly built image to the private registry

On docker01, in the v3 directory

[root@docker01 v2]# cd ../v3
[root@docker01 v3]# echo v3,xgp666 > index.html

[root@docker01 v3]# vim Dockerfile
// Write the Dockerfile
FROM httpd
ADD index.html /usr/local/apache2/htdocs/index.html

[root@docker01 v3]# docker build -t 192.168.1.11:5000/httpd:v3 .
// Build the image from the Dockerfile

[root@docker01 v3]# docker push 192.168.1.11:5000/httpd:v3
// Upload the newly built image to the private registry
VIII. Publish a service based on the image above

Requirements: three replicas; the service name is bdqn.

[root@docker01 v3]# docker service create --replicas 3 --name bdqn  -p 80:80 192.168.1.11:5000/httpd:v1

Look at the networks

[root@docker03 ~]# docker network ls

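The default ingress network, like any custom overlay network you create, gives users a single entry point to the containers that actually serve requests in the back end.

Services are published through ingress load balancing, and every node in the swarm cluster takes part in the ingress routing mesh, so accessing any node + PublishedPort reaches the service.

When you access port 80 on any node, Docker routes your request to an active container. On the swarm nodes themselves, port 80 may not actually be bound, but the routing mesh knows how to route the traffic and prevents any port conflicts.

The routing mesh listens on the published port on any IP address assigned to the node. For externally routable IP addresses, the port is available from outside the host. For all other IP addresses, it is accessible only from within the host.

View the replicas that were created

[root@docker01 v3]# docker service ps bdqn

Test access in a browser: http://192.168.1.11:80, http://192.168.1.13:80, http://192.168.1.20:80

Modify the test page content on docker02 and docker03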

docker02

[root@docker02 ~]# docker exec -it 388f3bd9dd33 /bin/bash
root@388f3bd9dd33:/usr/local/apache2# cd htdocs/
root@388f3bd9dd33:/usr/local/apache2/htdocs# echo 123 > index.html 

docker03

[root@docker03 ~]# docker exec -it 281454867fac /bin/bash
root@281454867fac:/usr/local/apache2# echo 321 > htdocs/index.html 

Test access (every node shows them all; requests are load balanced)

Requirements: three replicas; the service name is test.

[root@docker01 v3]# docker service create --replicas 3 --name test  -p 80  192.168.1.11:5000/httpd:v1

View the port mapped for the created service

[root@docker01 v3]# docker service ls

The default mapped port range is 30000-32767.

IX. Scaling a service up and down

Scale up

[root@docker01 v3]# docker service scale bdqn=6

Scale down

[root@docker01 v3]# docker service scale bdqn=4

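Scaling up and down is done by setting the number of replicas directly with scale.

X. Upgrading and rolling back a service

(1) Upgrade

docker service update command options in detail

--force                  Force an update that restarts the service, whether or not the configuration or image has changed
--image <image:tag>      Specify the image to update to
--with-registry-auth     Send registry authentication details to the Swarm agents; a private registry needs this option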

[root@docker01 ~]# docker service update --image 192.168.1.11:5000/httpd:v2 bdqn
// Upgrade the bdqn service to version v2

Test access

(2) Smooth update

[root@docker01 ~]# docker service update --image 192.168.1.11:5000/httpd:v3  --update-parallelism 2 --update-delay 1m bdqn 
// Update two replicas together, then wait one minute and continue updating

By default, swarm updates only one replica at a time, with no waiting time between two replicas. We can change this with:
--update-parallelism: sets the number of replicas updated in parallel.
--update-delay: specifies the interval between rolling updates.

Test access

(3) Rollback

[root@docker01 ~]# docker service rollback bdqn

Note: by default, a docker swarm rollback can only return to the state of the previous operation; it cannot roll back continuously to a specified operation.

Test access

XI. Notes

If one machine runs several services, allocate CPU and memory sensibly, because Tomcat consumes memory when it compiles at startup and Docker starts services in multiple threads. It is best to define limits for everything (set resources.limits); otherwise memory is exhausted all at once and some services fail to start. You can of course also set restart on error (restart_policy.condition: on-failure). In addition, be careful that resources.reservations does not exceed the total memory or CPU percentage; otherwise the service cannot obtain CPU or memory resources and fails to start with the "no suitable node (insufficien" error. This error is odd: the service does not start and outputs no log, and the error only appears in the status shown by "docker stack ps [xxxx]".
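
The settings named in this note, together with the rolling-update options shown earlier, written as a stack file for the bdqn image; this is an added example, not from the original post. The service name web, the function names, the file name and the CPU and memory values are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: write a stack file that sets resources.limits,
# resources.reservations and restart_policy for the page's httpd image.
# Resource values are illustrative, not measured.

# write_bdqn_stack FILE -> writes a Compose v3 stack file to FILE
write_bdqn_stack() {
    cat > "$1" <<'EOF'
version: "3.7"
services:
  web:
    image: 192.168.1.11:5000/httpd:v1
    ports:
      - "80:80"
    deploy:
      replicas: 3
      update_config:
        parallelism: 2      # same as --update-parallelism 2
        delay: 1m           # same as --update-delay 1m
      restart_policy:
        condition: on-failure
      resources:
        limits:             # hard cap per container
          cpus: "0.50"
          memory: 128M
        reservations:       # must fit on a node or the task is not scheduled
          cpus: "0.25"
          memory: 64M
EOF
}

# reserved_mem_total FILE -> memory (in M) reserved by all replicas together
reserved_mem_total() {
    awk '/replicas:/ {r=$2}
         /reservations:/ {res=1}
         res && /memory:/ {sub(/M$/,"",$2); m=$2; res=0}
         END {print r*m}' "$1"
}

# Typical use on the manager (docker01):
#   write_bdqn_stack bdqn.yml && docker stack deploy -c bdqn.yml bdqn
```

Compare the total from reserved_mem_total with the memory actually free across the worker nodes before deploying; each single reservation must also fit on one node.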

Origin blog.51cto.com/14320361/2462683