Docker Swarm from deployment to basic operations

About Docker Swarm

Docker Swarm consists of two parts:

1. Docker cluster: organize one or more Docker nodes so that users can manage them in a cluster manner;
2. Application orchestration: There is a set of APIs for deploying and managing containers;

Official information: https://docs.docker.com/swarm/

Network Diagram

The following figure is a typical Docker Swarm cluster deployment diagram from the Docker official website:

Next, follow the above picture to build a Docker Swarm cluster.

Preparation

A total of 5 machines were used in this actual combat, and the configuration information is all the same, as follows:

• Operating system: CentOS Linux release 7.6.1810
• Docker service version: 1.13.1
• The firewalls have been turned off;

The machine information is shown in the following table:

Why three management nodes?

As can be seen from the official diagram, the internal management coordination between the management node clusters uses the Raft consensus algorithm, which ensures the high availability (HA) of the management nodes. In general, the following two principles are referred to:

• Deploy an odd number of management nodes to reduce brain splits.
• Do not deploy too many management nodes, because more management nodes mean more time to reach consensus;

Overview of cluster deployment steps

The entire deployment process is divided into the following steps:

• Initialize the first management node (m0);
• Add new management nodes (m1, m2);
• Join working nodes (w0, w1);

Now let’s officially begin;

Initialize the first management node (m0)

The IP address of the m0 node is 192.168.121.142, so execute the following command on the m0 node:

docker swarm init \
--advertise-addr 192.168.121.142:2377
--listen-addr 192.168.121.142:2377

Regarding the two parameters advertise-addr and listen-addr, the former is used to specify the address of other nodes when connecting to m0, and the latter specifies the IP and port that carries swarm traffic. For more detailed and in-depth differences, please refer to the article: https://boxboat.com/2016/08/17/whats-docker-swarm-advertise-addr/

2. The console returns the following information, indicating that the Swarm cluster is initialized successfully:

Swarm initialized: current node (7585zt09o2sat82maef0ocf42) is now a manager.

To add a worker to this swarm, run the following command:

  docker swarm join \
  --token SWMTKN-1-5huefb5501cv7p8i2op1am2oevasoqu4te8vpvapndkudvszb4-e8l6755jstd7urpdo5smyi8fv \
  192.168.121.142:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

List all nodes in the current Swarm cluster, and you can see the status and identity of the only node m0:

[root@m0 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
7585zt09o2sat82maef0ocf42 * m0 Ready Active Leader

Now that the cluster has been established, we need to add more management nodes and worker nodes;

How to add a new node?

The strategy for new nodes to join Docker Swarm is to obtain a long string of commands from the management node, called a join token. Any machine that wants to join the cluster can join the Swarm cluster by executing this join token itself.

If a new management node needs to be added, execute the command docker swarm join-token manager on m0 to get the join token of the management node, as shown below:

[root@m0 ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:

  docker swarm join \
  --token SWMTKN-1-5huefb5501cv7p8i2op1am2oevasoqu4te8vpvapndkudvszb4-5tz9d4w7nwzu8r4ozd0ff2aiu \
  192.168.121.142:2377

If a new worker node needs to be added, execute the command docker swarm join-token worker in m0 to get the join token of the worker node, as shown below:

[root@m0 ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:

  docker swarm join \
  --token SWMTKN-1-5huefb5501cv7p8i2op1am2oevasoqu4te8vpvapndkudvszb4-e8l6755jstd7urpdo5smyi8fv \
  192.168.121.142:2377

Both join tokens are ready, and then we start adding new nodes.

Add management nodes m1 and m2

Execute the management node join token obtained earlier on m1:

[root@m1 ~]# docker swarm join \
> --token SWMTKN-1-5huefb5501cv7p8i2op1am2oevasoqu4te8vpvapndkudvszb4-5tz9d4w7nwzu8r4ozd0ff2aiu \
> 192.168.121.142:2377
This node joined a swarm as a manager.

Do the same on m2;

Execute the command docker node ls on any of m0, m1, and m2 to view the current status of the Swarm cluster. As shown in the following figure, the three management nodes are all in normal status. The ID field has an asterisk suffix, indicating that the machine currently executing the command is m1:

[root@m1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
0isfyre69mdu1hm11esf1q3dk m2 Ready Active Reachable
7585zt09o2sat82maef0ocf42 m0 Ready Active Leader
slc0hjbs7jh2hdi8ai3wohy23 * m1 Ready Active Reachable

Join working nodes w0 and w1

Execute the join token of the working node obtained earlier on w0:

[root@w0 ~]# docker swarm join \
> --token SWMTKN-1-5huefb5501cv7p8i2op1am2oevasoqu4te8vpvapndkudvszb4-e8l6755jstd7urpdo5smyi8fv \
> 192.168.121.142:2377
This node joined a swarm as a worker.

Do the same operation on w1;

Run the docker node ls command on any of m0, m1, and m2 to view the current status of the Swarm cluster. You can see that all working nodes are ready:

[root@m0 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
0isfyre69mdu1hm11esf1q3dk m2 Ready Active Reachable
7585zt09o2sat82maef0ocf42 * m0 Ready Active Leader
i71bcxt1auc804syybroajtan w1 Ready Active    
slc0hjbs7jh2hdi8ai3wohy23 m1 Ready Active Reachable
wqcwcccva3d3mxgi5p423d4fv w0 Ready Active

At this point, the Swarm cluster environment has been built and can be verified next.

Verify the Swarm cluster environment

Create an overlay network named tomcat-net. This is a layer 2 network. Docker containers under this network can access each other even if the host machines are different:

docker network create -d overlay tomcat-net

Create a service called tomcat, using the overlay network just created:

docker service create --name tomcat \
--network tomcat-net \
-p 8080:8080 \
--replicas 3 \
tomcat:7.0.96-jdk8-openjdk

Execute the command docker service ls to view all current services:

[root@m0 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE
kguawc4b5th4 tomcat replicated 3/3 tomcat:7.0.96-jdk8-openjdk
 

Run the command docker service ps tomcat to view the service named tomcat. You can see that the three containers are deployed on the m0, m2, and w1 machines respectively:

[root@m0 ~]# docker service ps tomcat
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
n1gs9f1plce2 tomcat.1 tomcat:7.0.96-jdk8-openjdk w1 Running Running 19 minutes ago     
q8jyg088ci21 tomcat.2 tomcat:7.0.96-jdk8-openjdk m2 Running Running 19 minutes ago     
h9ww33dpw56m tomcat.3 tomcat:7.0.96-jdk8-openjdk m0 Running Running 19 minutes ago

Execute the command docker service inspect --pretty tomcat to view detailed information about the service named tomcat (remove –pretty to see a more complete view):

[root@m0 ~]# docker service inspect --pretty tomcat

ID: kguawc4b5th4qlwlsv183qtai
Name: tomcat
Service Mode: Replicated
 Replicas: 3
Placement:
UpdateConfig:
 Parallelism: 1
 On failure: pause
 Max failure ratio: 0
ContainerSpec:
 Image: tomcat:7.0.96-jdk8-openjdk@sha256:91eadffb59d9a35ada2d39fcd616a749ac580aa5e834499b7128f27be2e46623
Resources:
Networks: tomcat-net 
Endpoint Mode: vip
Ports:
 PublishedPort 8080
 Protocol = tcp
 TargetPort = 8080

Open the browser and try to access port 8080 of the five machines m0, m1, m2, w0, and w1. You can successfully access the tomcat homepage:

Service Model

1. There are two service modes: Ingress and Host. If not specified, Ingress is used by default.
2. In Ingress mode, traffic arriving at port 8080 of any Swarm node will be mapped to the internal port 80 of any service replica, even if there is no tomcat service replica on the node;
3. In Host mode, ports are opened only on the machine where the container copy is running. The command to use Host mode is as follows:

docker service create --name tomcat \
--network tomcat-net \
--publish published=8080,target=8080,mode=host \
--replicas 3 \
tomcat:7.0.96-jdk8-openjdk

Service Scaling

Execute the command docker service scale tomcat=5 to adjust the number of replicas from 3 to 5:

[root@m0 ~]# docker service scale tomcat=5
tomcat scaled to 5

Run the command docker service ps tomcat to view the service named tomcat. You can see that a container is distributed on each machine:

[root@m0 ~]# docker service ps tomcat
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
w32tjahze2fk tomcat.1 tomcat:7.0.96-jdk8-openjdk m2 Running Running 42 minutes ago       
yj5czwwhrrsh tomcat.2 tomcat:7.0.96-jdk8-openjdk m0 Running Running 42 minutes ago       
pq40995nbd0k tomcat.3 tomcat:7.0.96-jdk8-openjdk w1 Running Running 42 minutes ago       
y1y6z1jczel1 tomcat.4 tomcat:7.0.96-jdk8-openjdk m1 Running Running about a minute ago     
w0dcii8f79os tomcat.5 tomcat:7.0.96-jdk8-openjdk w0 Running Running about a minute ago

Rolling Upgrade

In the current tomcat service, the tag of the tomcat image is 7.0.96-jdk8-openjdk . Let's try to upgrade it to 9.0.24-jdk11-openjdk . Execute the following command:

docker service update \
--image tomcat:9.0.24-jdk11-openjdk \
--update-parallelism 1 \
--update-delay 10s tomcat

There are a few things to note about the above command:
a. update-parallelism: The number of containers updated each time. Here, it is set to 1, which means that each container will be upgraded only after it is successfully upgraded.
b. update-delay: The waiting time before upgrading the next batch after each batch is successfully upgraded. Here, it means waiting 10 seconds after upgrading one container before upgrading the next one.

2. During the upgrade process, execute the command docker service ps tomcat to view the service, and you can see the process of starting the new version containers one by one:

[root@m0 ~]# docker service ps tomcat
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
w32tjahze2fk tomcat.1 tomcat:7.0.96-jdk8-openjdk m2 Running Running 56 minutes ago       
yj5czwwhrrsh tomcat.2 tomcat:7.0.96-jdk8-openjdk m0 Running Running 56 minutes ago       
semuna9awsn7 tomcat.3 tomcat:9.0.24-jdk11-openjdk w1 Running Running 15 seconds ago       
pq40995nbd0k \_ tomcat.3 tomcat:7.0.96-jdk8-openjdk w1 Shutdown Shutdown about a minute ago     
y1y6z1jczel1 tomcat.4 tomcat:7.0.96-jdk8-openjdk m1 Running Running 15 minutes ago       
oot3yex74v4t tomcat.5 tomcat:9.0.24-jdk11-openjdk w0 Running Preparing 5 seconds ago       
w0dcii8f79os \_ tomcat.5 tomcat:7.0.96-jdk8-openjdk w0 Shutdown Shutdown 3 seconds ago

After the upgrade is complete, use the browser to access the service, and you can see that the tomcat version has been upgraded:

Deleting a service

Execute the command docker service rm tomcat to delete the service:

[root@m0 ~]# docker service rm tomcat
tomcat
[root@m0 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE

So far, you have experienced Docker Swarm from deployment to basic operations. I hope this article can give you some reference when you build the environment.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.