Linux commands: Docker swarm



ElasticSearch cluster using Docker Swarm mode 1.12

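Basics

docker swarm init --advertise-addr 192.168.99.100
--advertise-addr vboxnet0 specifies the advertised IP; binds the listening network interface
The --advertise-addr parameter sets the network address that the current manager node advertises; the other nodes in the cluster must be able to reach the manager node at this IP

(3) Open host ports
The following ports must be open:
TCP port 2377, cluster management communication
TCP and UDP port 7946, communication between nodes
TCP and UDP port 4789, overlay network traffic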
firewall-cmd --permanent --add-port=7946/tcp
firewall-cmd --permanent --add-port=7946/udp
firewall-cmd --permanent --add-port=4789/udp
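
A check for the port list above, as an added example that is not part of the original notes: it compares a port list in the format printed by `firewall-cmd --list-ports` with the swarm ports and reports what is still closed. The required set (2377/tcp, 7946/tcp, 7946/udp, 4789/udp) and the function names are assumptions of this example.

```bash
# Required swarm ports (assumption of this example; VXLAN overlay traffic is UDP).
SWARM_PORTS="2377/tcp 7946/tcp 7946/udp 4789/udp"

# port_open PORT/PROTO "LIST": succeeds when LIST, in the format printed by
# `firewall-cmd --list-ports` (e.g. "7946/tcp 7000-8000/udp"), covers the port
# either exactly or inside a range of the same protocol.
port_open() {
  local want_port want_proto entry range lo hi
  want_port=${1%/*}
  want_proto=${1#*/}
  for entry in $2; do
    [ "${entry#*/}" = "$want_proto" ] || continue
    range=${entry%/*}
    lo=${range%-*}          # "7000-8000" -> 7000, "7946" -> 7946
    hi=${range#*-}          # "7000-8000" -> 8000, "7946" -> 7946
    if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
      return 0
    fi
  done
  return 1
}

# missing_swarm_ports "LIST": prints the required ports that LIST does not open.
missing_swarm_ports() {
  local p missing
  missing=""
  for p in $SWARM_PORTS; do
    port_open "$p" "$1" || missing="$missing $p"
  done
  echo "${missing# }"
}

# Constructed sample: only the three ports added by the commands above are open.
sample="7946/tcp 7946/udp 4789/udp"
echo "still closed: $(missing_swarm_ports "$sample")"
# On a live host: missing_swarm_ports "$(firewall-cmd --list-ports)"
```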

Swarm cluster

  1. create dockerd:2376

    docker-machine create -d generic --engine-registry-mirror=https://fl7aylpq.mirror.aliyuncs.com --generic-ip-address=139.129.234.31 --generic-ssh-user=root --generic-ssh-key=$HOME/.ssh/id_rsa --generic-ssh-port 22 ubuntu
    docker-machine create -d generic --engine-registry-mirror=https://amoq5ee6.mirror.aliyuncs.com --generic-ip-address=139.129.108.163  --generic-ssh-user=root --generic-ssh-key=$HOME/.ssh/id_rsa --generic-ssh-port 22 aliyun
    > vi /etc/systemd/system/docker.service $ENGINE_REGISTRY_MIRROR
    > ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver devicemapper --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic --registry-mirror https://amoq5ee6.mirror.aliyuncs.com
    
    docker run -d --name mariadb -p 3306:3306 -v /var/lib/mysql:/var/lib/mysql -v /var/run/mysqld:/var/run/mysqld mariadb:5.5
    
    docker-machine create -d virtualbox swmaster # This will be the master
    docker-machine create -d virtualbox swnode
    
    > dockerd -D -g /var/lib/docker -H unix:// -H tcp://0.0.0.0:2376 --label provider=virtualbox --tlsverify --tlscacert=/var/lib/boot2docker/ca.pem --tlscert=/var/lib/boot2docker/server.pem --tlskey=/var/lib/boot2docker/server-key.pem -s aufs
    > docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime docker-runc --debug
    
  2. activate
    & docker-machine.exe env aliyun | Invoke-Expression   # PowerShell
    eval $(docker-machine env swmaster)                   # bash

  3. swarm node:2377

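    • A machine can create only one swarm; docker swarm init --advertise-addr vboxnet0 binds the listening network interface
    • After this machine fails, docker swarm leave --force removes this node
    • docker node rm --force ubuntu removes an invalid node
    • Once all manager nodes have failed, the cluster fails
    • Even when manager nodes remain, the cluster fails once the leader node runs swarm leave
    • The leader can hand over control with docker node demote self
      The correct procedure:
  4. manager->leader: docker node demote leader

  5. manager->leader: docker node rm --force leader

  6. leader->worker: docker swarm leave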
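
Why a swarm can stop working while managers remain, as an added example that is not part of the original notes: the managers form a Raft group, which needs a majority of them reachable. The function name and the sample node list are constructed; the input format is that of `docker node ls --format '{{.Hostname}} {{.ManagerStatus}}'`.

```bash
# manager_quorum: reads lines "HOSTNAME MANAGER_STATUS" on stdin (workers have
# an empty status) and prints five fields:
#   managers  reachable  quorum  tolerated_losses  state
manager_quorum() {
  awk '
    $2 == "Leader" || $2 == "Reachable" { total++; up++ }
    $2 == "Unreachable"                 { total++ }
    END {
      quorum = int(total / 2) + 1      # Raft majority of all managers
      spare  = up - quorum             # managers that may still be lost
      state  = (up >= quorum) ? "ok" : "quorum-lost"
      if (spare < 0) spare = 0
      printf "%d %d %d %d %s\n", total, up, quorum, spare, state
    }'
}

# Constructed sample: two managers and one worker. Quorum is 2 of 2, so losing
# either manager (for example the leader leaving without being demoted first)
# leaves the remaining one without a majority.
printf 'swmaster Leader\nubuntu Reachable\nswnode \n' | manager_quorum

# Constructed sample: three managers tolerate the loss of one.
printf 'm1 Leader\nm2 Reachable\nm3 Reachable\nw1 \n' | manager_quorum
```

Demoting a manager before it leaves shrinks the Raft group first, so the majority is computed over the managers that stay.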

Recommended practice:

  1. Keep the number of managers > 3
  2. Make sure docker swarm join-token manager is run on the leader

    docker $(docker-machine config swmaster) swarm init --advertise-addr $(docker-machine ip swmaster)
    
    docker swarm join-token manager
    
    docker $(docker-machine config swnode) swarm join --token SWMTKN-1-26tk5t6vg1h9z4vq3z7e17z2wcvor2kt5ws6433qoqli0xh0os-ccy5d06jj4w3mj6s4twe4vs9m $(docker-machine ip swmaster)
    
    docker node rm swnode --force # remove the swarm worker
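
The join command above carries the token in clear text, and a manager token lets any host that can reach port 2377 join as a manager. As an added example (not part of the original notes), the functions below find join tokens in notes or scripts and redact the secret half; the function names and the shortened sample token are constructed.

```bash
# A join token has the form SWMTKN-1-<CA digest>-<secret>. Only the last
# field is secret; the digest lets a joining node verify the swarm's root CA.

# redact_join_tokens: copies stdin to stdout with the secret half of every
# join token replaced, keeping the digest half so the swarm stays identifiable.
redact_join_tokens() {
  sed -E 's/(SWMTKN-1-[0-9a-z]+-)[0-9a-z]+/\1<redacted>/g'
}

# scan_join_tokens: prints "LINE:text" (already redacted) for every stdin line
# that holds a token. Exit status 1 when any was found, so it can gate a commit.
scan_join_tokens() {
  local found
  found=$(grep -n -E 'SWMTKN-1-[0-9a-z]+-[0-9a-z]+' | redact_join_tokens)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Constructed sample: a deployment note with a (shortened, fake) token in it.
scan_join_tokens <<'EOF' || echo "join token found: rotate it"
docker swarm init --advertise-addr 192.0.2.10
docker swarm join --token SWMTKN-1-examplecadigest0000-examplesecret0000 192.0.2.10
EOF
```

After an exposure, `docker swarm join-token --rotate manager` (and the same for `worker`) invalidates the old token; nodes that have already joined are not affected.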
    
  3. swarm service
    Replace docker run with docker service create

    Rolling update of our worker service: 2 replica containers per batch, with a 5s delay

    docker service update worker --update-parallelism 2 --update-delay 5s --image localhost:5000/dockercoins_worker:v0.01
    docker service update worker --image localhost:5000/dockercoins_worker:v0.1 # roll back

    docker service create --replicas 5 --name helloworld alpine ping google.com
    docker service create alpine ping 8.8.8.8
    docker service list
    docker logs d6155498b874
    docker service ps d6155498b874
    watch docker service list
    docker service ls -q | xargs docker service rm # remove the services
    

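    ELK logging platform

  4. ElasticSearch stores and indexes the logs.

  5. Logstash receives, forwards, filters and splits the logs.

  6. Kibana is the UI for searching, displaying and analysing the logs.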

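Using labels to run a service on specific nodes

1. Define labels for each node.
A label describes a node's attributes flexibly; it takes the form key=value and can be chosen freely by the user. For example, to use swarm-worker1 as the test environment, add the label env=test to it: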

docker node update --label-add env=test swarm-worker1

2. Run the service on nodes with a given label.

Likewise, to use swarm-worker2 as the production environment, add the label env=prod:

docker node update --label-add env=prod swarm-worker2

Now deploy the service to the test environment:

docker service create --constraint node.labels.env==test \
  --replicas 3 \
  --name my_web \
  --publish 8080:80 \
  httpd

--constraint node.labels.env==test restricts the service to nodes labelled env=test, that is, swarm-worker1. The deployment result shows all three replicas running on swarm-worker1.

The --constraint setting can be viewed with docker service inspect.

Update the service to migrate it to the production environment:

docker service update --constraint-rm node.labels.env==test my_web
docker service update --constraint-add node.labels.env==prod my_web

Removing the old constraint and adding the new one, node.labels.env==prod, ends with all replicas migrated to swarm-worker2.

Labels can also be combined with global mode, for example to collect container logs only in the production environment.

docker service create \
   --mode global \
   --constraint node.labels.env==prod \
   --name logspout \
   --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
   gliderlabs/logspout

logspout runs only on the swarm-worker2 node.

label

[root@swarm-manager ~]# docker node update --label-add project=nginx swarm-node2
[root@swarm-manager ~]# docker node update --label-add "datacenter=xiamen" swarm-node1
[root@swarm-manager ~]# docker node update --label-add "datacenter=fuzhou" swarm-node2
[root@swarm-manager ~]# docker node inspect -f {{.Spec.Labels}} swarm-node1
map[datacenter:xiamen]
[root@swarm-manager ~]# docker node inspect -f {{.Spec.Labels}} swarm-node2
map[datacenter:fuzhou project:nginx]

constraint

[root@swarm-manager ~]# docker service create --replicas=4 --constraint 'node.hostname == swarm-node1' --name nginx-c1 nginx
[root@swarm-manager ~]# docker service create --replicas=4 --constraint 'node.labels.project == nginx' --name nginx-c2 nginx
[root@swarm-manager ~]# docker service ps nginx-c1
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
sqcyg8wm8gdt nginx-c1.1 nginx:latest swarm-node1 Running Running 5 minutes ago
ttst5umkpt6g nginx-c1.2 nginx:latest swarm-node1 Running Running 5 minutes ago
lpiz1vsaj6p3 nginx-c1.3 nginx:latest swarm-node1 Running Running 5 minutes ago
ykvrdyty4qie nginx-c1.4 nginx:latest swarm-node1 Running Running 5 minutes ago
[root@swarm-manager ~]# docker service ps nginx-c2
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
x322u16dfnyt nginx-c2.1 nginx:latest swarm-node2 Running Running 5 minutes ago
zjp93whpf4ah nginx-c2.2 nginx:latest swarm-node2 Running Running 5 minutes ago
ff3usxkpo5ae nginx-c2.3 nginx:latest swarm-node2 Running Running 5 minutes ago
p3g0haaqg6yu nginx-c2.4 nginx:latest swarm-node2 Running Running 5 minutes ago

placement

[root@swarm-manager ~]# docker service create --replicas=6 --placement-pref 'spread=node.labels.datacenter' --name nginx-c3 nginx
[root@swarm-manager ~]# docker service ps nginx-c3
