Docker swarm 是docker官方的三大項目之一,提供docker容器集羣服務,是docker官方對容器雲生態支持的核心方案,Docker Swarm項目開始於2014年,是Docker公司推出的第一個容器集羣項目。使用docker swarm可以將多個docker主機封裝爲一個大型的虛擬docker主機,swarm集羣提供給用戶管理集羣內所有容器的操作接口與使用一臺docker主機幾乎相同,從而可以快速打造一套容器雲服務
Docker Swarmkit項目開始於2016年,是Docker公司推出的第二個容器集羣項目,於Docker1.12版本正式發佈。雖然也叫Swarm,但是與第一個項目完全不同。該項目直接在Docker Engine上內嵌了集羣管理功能,並新增了集羣管理的用戶接口。
兩個容器集羣項目可能實現了相同的功能,但其上層接口還是有很大的不同,Docker公司推薦用戶使用更適合自己的項目,如果都沒有使用過,推薦使用後者。另外,Docker Swarm項目並沒有被Docker公司列爲不推薦的項目,仍然會繼續支持新的Docker Engine的功能。
swarm v1是典型的mater-slave結構,需要通過發現服務來選舉出manager,而manager是中心管理節點,而各個節點通過運行agent接受manager的統一管理
swarm v2中,swarm集羣會自動通過Raft協議分佈式選舉出manager節點,因此無需配置額外的發現服務,從而避免了單點瓶頸;且swarm v2內置了DNS負載均衡和對外部負載均衡機制的支持
本實驗基於docker swarm v1版本,實驗環境如下:
docker-1 192.168.1.193
docker-2 192.168.1.194
docker-3 192.168.1.195
在各個docker主機上安裝swarm,啓動docker daemon
root@docker-1:~# docker pull swarm
root@docker-1:~# docker run --rm swarm -v
swarm version 1.2.8 (48d86b1)
root@docker-1:~# service docker stop
docker stop/waiting
root@docker-1:~# dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
root@docker-1:~# netstat -tunlp|grep docker
tcp6 0 0 :::2375 :::* LISTEN 1698/dockerd
root@docker-2:~# docker pull swarm
root@docker-2:~# service docker stop
docker stop/waiting
root@docker-2:~# dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
root@docker-3:~# docker pull swarm
root@docker-3:~# service docker stop
docker stop/waiting
root@docker-3:~# dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
在任意一個節點上使用docker swarm 命令來在docker hub上進行註冊(採用docker hub的服務發現後端,但必須要求所有docker主機可以訪問外網),且會產生一個token,用來標識和管理集羣
root@docker-1:~# docker run --rm swarm create
1081dc3745b8dfd45ff863c13d74d96c
在所有要加入swarm集羣的docker主機上執行swarm join命令,將各個節點加入swarm集羣
root@docker-1:~# docker run -d swarm join --addr=192.168.1.193:2375 token://1081dc3745b8dfd45ff863c13d74d96c
fbc0c47268e1e631c4839b41107cac08bd33c9b27380283768efda84ab3ae373
root@docker-2:~# docker run -d swarm join --addr=192.168.1.194:2375 token://1081dc3745b8dfd45ff863c13d74d96c
b88ab2e5eb4e787ad56df06fd6f7e879aacbd35b36743d2943002b882cd8865f
root@docker-3:~# docker run -d swarm join --addr=192.168.1.195:2375 token://1081dc3745b8dfd45ff863c13d74d96c
1b62af7b1ecf7d428f7dd25df71a0523742cecdb1341eb76560225a77336b12f
因爲沒有配置manager節點,所以此命令無法使用
root@docker-1:~# docker node ls
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
查看各個節點的容器情況,可以與後續實驗做對比
root@docker-1:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fbc0c47268e1 swarm "/swarm join --add..." 6 minutes ago Up 6 minutes 2375/tcp competent_benz
root@docker-1:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fbc0c47268e1 swarm "/swarm join --add..." 6 minutes ago Up 6 minutes 2375/tcp competent_benz
root@docker-2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b88ab2e5eb4e swarm "/swarm join --add..." 4 minutes ago Up 4 minutes 2375/tcp romantic_poincare
root@docker-2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b88ab2e5eb4e swarm "/swarm join --add..." 4 minutes ago Up 4 minutes 2375/tcp romantic_poincare
root@docker-3:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b88ab2e5eb4e swarm "/swarm join --add..." 4 minutes ago Up 4 minutes 2375/tcp romantic_poincare
root@docker-3:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b88ab2e5eb4e swarm "/swarm join --add..." 4 minutes ago Up 4 minutes 2375/tcp romantic_poincare
用swarm manage命令將docker-1節點配置成爲管理節點該命令將啓用manager服務,且默認監聽到2375端口,所有集羣的管理都可以通過該服務的接口進行操作,但是manager服務和docker服務
的監聽端口相同,而這樣做是爲了兼容其他基於docker的服務,可以無縫的切換到swarm平臺;但有與本次實驗採用的是docker容器的方式啓用manager服務,本地的2375端口已被docker daemon佔用,
所以將manager服務的端口映射到一個空閒的端口12375
root@docker-1:~# docker run -d -p 12375:2375 swarm manage token://1081dc3745b8dfd45ff863c13d74d96c
ad81e842302de642ba7bf5514b12ce6ea46070abc68c6e15a4eefc0b8e5dfc57
root@docker-1:~# netstat -tunlp |grep docker
tcp6 0 0 :::12375 :::* LISTEN 2191/docker-proxy
tcp6 0 0 :::2375 :::* LISTEN 1698/dockerd
產看docker-1節點運行的容器和所有容器
root@docker-1:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad81e842302d swarm "/swarm manage tok..." 4 seconds ago Up 3 seconds 0.0.0.0:12375->2375/tcp hungry_benz
fbc0c47268e1 swarm "/swarm join --add..." 19 minutes ago Up 19 minutes 2375/tcp competent_benz
root@docker-1:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad81e842302d swarm "/swarm manage tok..." 13 seconds ago Up 12 seconds 0.0.0.0:12375->2375/tcp hungry_benz
fbc0c47268e1 swarm "/swarm join --add..." 19 minutes ago Up 19 minutes 2375/tcp competent_benz
可以再任意節點執行swarm list 命令查看集羣的節點列表
root@docker-1:~# docker run --rm swarm list token://1081dc3745b8dfd45ff863c13d74d96c
192.168.1.193:2375
192.168.1.195:2375
192.168.1.194:2375
root@docker-2:~# docker run --rm swarm list token://1081dc3745b8dfd45ff863c13d74d96c
192.168.1.193:2375
192.168.1.195:2375
192.168.1.194:2375
可以再任意節點可以創建集羣容器,如docker-3
root@docker-3:~# docker -H 192.168.1.193:12375 run -d centos ping www.baidu.com
41ca94b3da41767ecd87de7d37a3611141dc8b36aad52211b75374b153628312
查看集羣所有節點運行的容器
root@docker-3:~# docker -H 192.168.1.193:12375 ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
41ca94b3da41 centos "ping www.baidu.com" 3 minutes ago Up 3 minutes docker-2/vigilant_bose
查看集羣所有節點的容器
root@docker-3:~# docker -H 192.168.1.193:12375 ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
41ca94b3da41 centos "ping www.baidu.com" 3 minutes ago Up 3 minutes docker-2/vigilant_bose
ad81e842302d swarm "/swarm manage tok..." 13 minutes ago Up 13 minutes 192.168.1.193:12375->2375/tcp docker-1/hungry_benz
1b62af7b1ecf swarm "/swarm join --add..." 30 minutes ago Up 30 minutes 2375/tcp docker-3/ecstatic_elion
b88ab2e5eb4e swarm "/swarm join --add..." 30 minutes ago Up 30 minutes 2375/tcp docker-2/romantic_poincare
fbc0c47268e1 swarm "/swarm join --add..." 32 minutes ago Up 32 minutes 2375/tcp docker-1/competent_benz
查看本節點docker-3 正在運行的容器
root@docker-3:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b62af7b1ecf swarm "/swarm join --add..." 31 minutes ago Up 31 minutes 2375/tcp ecstatic_elion
查看本節點docker-3 的所有容器
root@docker-3:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b62af7b1ecf swarm "/swarm join --add..." 31 minutes ago Up 31 minutes 2375/tcp ecstatic_elion
root@docker-3:~#
在docker-1主機上分別執行節點和集羣的docker info看看,可以對比一下
root@docker-1:~# docker info
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 1
Server Version: 17.05.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 7
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9048e5e50717ea4497b757314bad98ea3763c145
runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228
init version: 949e6fa
Security Options:
apparmor
Kernel Version: 4.4.0-31-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 726.7MiB
Name: docker-1
ID: A3OC:Z223:S7IY:6KF6:U2TE:N26E:CEMT:2VEH:5AR6:LVY5:U2KI:52P5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
root@docker-1:~# docker -H 192.168.1.193:12375 info
Containers: 5
Running: 5
Paused: 0
Stopped: 0
Images: 5
Server Version: swarm/1.2.8
Role: primary
Strategy: spread
Filters: health, port, containerslots, dependency, affinity, constraint, whitelist
Nodes: 3
docker-1: 192.168.1.193:2375
└ ID: A3OC:Z223:S7IY:6KF6:U2TE:N26E:CEMT:2VEH:5AR6:LVY5:U2KI:52P5|192.168.1.193:2375
└ Status: Healthy
└ Containers: 2 (2 Running, 0 Paused, 0 Stopped)
└ Reserved CPUs: 0 / 1
└ Reserved Memory: 0 B / 763 MiB
└ Labels: kernelversion=4.4.0-31-generic, operatingsystem=Ubuntu 14.04.5 LTS, ostype=linux, storagedriver=aufs
└ UpdatedAt: 2017-10-15T13:18:50Z
└ ServerVersion: 17.05.0-ce
docker-2: 192.168.1.194:2375
└ ID: LTSZ:NUCW:U7PJ:E2MB:UD4K:QNS4:EOYG:YC5B:XEYU:BNM5:MZGE:X4R4|192.168.1.194:2375
└ Status: Healthy
└ Containers: 2 (2 Running, 0 Paused, 0 Stopped)
└ Reserved CPUs: 0 / 1
└ Reserved Memory: 0 B / 776.6 MiB
└ Labels: kernelversion=4.4.0-31-generic, operatingsystem=Ubuntu 14.04.5 LTS, ostype=linux, storagedriver=aufs
└ UpdatedAt: 2017-10-15T13:19:04Z
└ ServerVersion: 17.05.0-ce
docker-3: 192.168.1.195:2375
└ ID: A42N:WYIC:KJRG:SPED:IJIS:IYQP:23T4:EWDP:6CT7:IFMB:ZIDF:37WN|192.168.1.195:2375
└ Status: Healthy
└ Containers: 1 (1 Running, 0 Paused, 0 Stopped)
└ Reserved CPUs: 0 / 1
└ Reserved Memory: 0 B / 513.1 MiB
└ Labels: kernelversion=4.4.0-31-generic, operatingsystem=Ubuntu 14.04.5 LTS, ostype=linux, storagedriver=aufs
└ UpdatedAt: 2017-10-15T13:19:03Z
└ ServerVersion: 17.05.0-ce
Plugins:
Volume:
Network:
Swarm:
NodeID:
Is Manager: false
Node Address:
Kernel Version: 4.4.0-31-generic
Operating System: linux
Architecture: amd64
CPUs: 3
Total Memory: 2.005GiB
Name: ad81e842302d
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Experimental: false
Live Restore Enabled: false
可以發現docker-1上運行有創建manager服務和swarm join時的兩個容器,docker-2上運行有swarm join和 ping www.baidu.com
(這個容器是在docker-3上通過manager服務創建的,但卻運行在docker-2上,可見是swarm集羣調度策略分配的)的兩個容器,docker-3上只有swarm join
創建一個nginx服務
root@docker-1:~# docker -H 192.168.1.193:12375 run -d --name my-web --publish 8080:80 nginx
2a888979b129767ff73562587e5cf6672aac13c47d69ea4673887d87f6be552a
通過下面命令可以看到nginx運行在docker-3上(swarm調度策略分配的)
root@docker-1:~# docker -H 192.168.1.193:12375 ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a888979b129 nginx "nginx -g 'daemon ..." 15 seconds ago Up 14 seconds 192.168.1.195:8080->80/tcp docker-3/my-web
41ca94b3da41 centos "ping www.baidu.com" 2 hours ago Up 2 hours docker-2/vigilant_bose
root@docker-3:~# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 910/sshd
tcp6 0 0 :::22 :::* LISTEN 910/sshd
tcp6 0 0 :::2375 :::* LISTEN 1549/dockerd
tcp6 0 0 :::8080 :::* LISTEN 3761/docker-proxy
root@docker-1:~# curl http://192.168.1.195:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
進入nginx容器進行服務修改
root@docker-1:~# docker -H 192.168.1.193:12375 exec -it 2a888979b129 /bin/bash
root@2a888979b129:/# apt-get update &&apt-get install -y vim net-tools
root@2a888979b129:/# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro
修改nginx服務的配置文件
root@2a888979b129:/# vim /etc/nginx/conf.d/default.conf
location / {
root /var/www/html/;
index index.html index.htm;
}
root@2a888979b129:/# mkdir /var/www/html/ -p
root@2a888979b129:/# vim /var/www/html/index.html
<h1> Hello,Docker ^_^</h1>
root@2a888979b129:/# service nginx restart
[....] Restarting nginx: nginx
重啓nginx後,nginx容器會終止,需要重新啓動
root@docker-1:~# docker -H 192.168.1.193:12375 start 2a888979b129
2a888979b129
修改後,訪問成功
root@docker-2:~# curl http://192.168.1.195:8080
<h1> Hello,Docker ^_^</h1>
