What is Docker Swarm?
Docker Swarm was a separate project before Docker 1.12. After Docker 1.12 was released, the project was merged into Docker and became a subcommand of Docker. Swarm is currently the only Docker community tool that natively supports Docker cluster management. It can convert a system composed of multiple Docker hosts into a single virtual Docker host, so that containers can form a subnet network across hosts.
Docker Swarm is an orchestration tool that provides clustering and scheduling capabilities for IT operations teams. Instead of communicating with each Docker Engine separately, users can merge all Docker engines into a single “virtual Engine” resource pool and communicate with a single master Swarm by executing commands. With flexible scheduling policies, IT teams can better manage available host resources and ensure the efficient operation of application containers.
Swarm’s basic architecture is shown below:
II. Advantages of Docker Swarm
High performance at any scale
Scalability is key for enterprise-level Docker Engine clustering and container scheduling. Companies of any size — from five servers to thousands — can use Swarm effectively in their environment.
Swarm was tested to the limit of scalability by running 50,000 deployment containers on 1,000 nodes with sub-second startup times for each container without compromising performance.
Flexible container scheduling
Swarm helps IT operations teams optimize performance and resource utilization under limited conditions. Swarm’s built-in scheduler supports a variety of filters, including: node tags, affinity and various container policies such as Binpack, Spread, random, and so on.
Continuous availability of services
Swarm Manager gives Docker Swarm high availability by creating multiple Swarm master nodes and defining failover policies for when the master node goes down. If a master node goes down, a slave node is promoted to master until the original master node is restored.
In addition, if a node fails to join the cluster, Swarm continues to try to join, providing error alerts and logs. Swarm can now try to reschedule containers to normal nodes when a node fails.
Compatibility with Docker API and integration support
Swarm fully supports the Docker API, which means it provides a seamless experience for users using different Docker tools such as Docker CLI, Compose, Trusted Registry, Hub and UCP.
Docker Swarm provides native support for core functions of Docker-like applications, such as multi-host networking and storage volume management
The Compose file developed can be easily deployed to test servers or Swarm clusters (via docker-compose up). Docker Swarm can also pull and run images from the Docker Trusted Registry or Hub.
III. Related concepts
Node
There are two types of nodes: Managers and workers.
The docker swarm command can be executed only on a management node (the docker swarm leave command can also be executed on a working node). A Swarm cluster can have multiple management nodes, but only one management node can become the leader, which is implemented using the Raft protocol.
To take advantage of the fault tolerance of swarm mode, Docker recommends that you implement an odd number of nodes based on your organization’s high availability requirements. When you have multiple managers, you can recover from the failure of the manager node without downtime.
A cluster with N management nodes can lose a maximum of (N-1)/2 management nodes. Docker recommends a maximum of seven manager nodes in a cluster. Important: Adding more management nodes does not mean better scalability or performance. Generally, the opposite is true.
Work Node (Workers)
The work node is a task execution node. The management node delivers services to the work node. The management node also functions as the working node by default. You can also configure the service to run only on the administrative node. The following figure shows the relationship between the management nodes and the working nodes in the cluster.
Services and Tasks
Services
A service is a collection of tasks whose attributes are defined by the service. There are two modes of service.
- Replicated Services run a specified number of tasks on each work node according to a set of rules.
- Global Services runs a task on each worker node.
Both modes are specified by the --mode parameter of docker service create. The following figure shows the relationship between containers, tasks, and services.
Tasks
A task is the smallest scheduling unit in Swarm and is currently a single container.
Setting up the Swarm cluster
Preparation
Servers
Role | Operating system | IP address | Software |
---|---|---|---|
master | Centos8 | 192.168.33.11 | docker |
node01 | Centos8 | 192.168.33.12 | docker |
node02 | Centos8 | 192.168.33.13 | docker |
Open ports (2377, 7946, 4789) between hosts, or simply turn off the firewall and disable SELinux
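The first option above, limited to the three hosts in the table, as an added example that is not part of the original article: the hypothetical helper `swarm_fw_rules` prints firewalld commands that open the Swarm ports only to the peer addresses given. The port/protocol pairs are those listed in Docker's swarm documentation; firewalld as the host firewall is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article).
# Swarm ports and protocols, per Docker's swarm documentation:
#   2377/tcp      cluster management traffic to manager nodes
#   7946/tcp+udp  node-to-node communication
#   4789/udp      overlay network (VXLAN) traffic
SWARM_PORTS="2377/tcp 7946/tcp 7946/udp 4789/udp"

# swarm_fw_rules PEER_IP...  (hypothetical helper name)
# Prints one firewalld rich rule per peer and port, then a reload.
swarm_fw_rules() {
    # Validate every argument first so nothing is printed on bad input:
    # only digits and dots may be embedded in the generated commands.
    for peer in "$@"; do
        case "$peer" in
            *[!0-9.]*|"") echo "invalid peer address: $peer" >&2; return 1 ;;
        esac
    done
    for peer in "$@"; do
        for pp in $SWARM_PORTS; do
            port=${pp%/*}
            proto=${pp#*/}
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$peer\" port port=\"$port\" protocol=\"$proto\" accept'"
        done
    done
    echo "firewall-cmd --reload"
}

# On master (192.168.33.11), review the output, then apply it as root:
#   swarm_fw_rules 192.168.33.12 192.168.33.13 | sh
# Repeat on node01 and node02 with their own two peers.
```
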
Disable SELinux
Open the /etc/selinux/config file and change SELINUX to disabled
vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
Set the hostnames and the hosts file so that the hosts can resolve each other
On master, run: hostnamectl set-hostname master
On node01, run: hostnamectl set-hostname node01
On node02, run: hostnamectl set-hostname node02
Set the hosts file mutual resolution (all three must be set)
192.168.33.11 master
192.168.33.12 node01
192.168.33.13 node02
Initialize the swarm
The first machine, Master, is used as the management node, and the second and third nodes, Node01 and node02, are used as the working nodes.
Run the docker swarm init --advertise-addr 192.168.33.11 command on the master node
docker swarm init --advertise-addr 192.168.33.11
The output includes the command that other working nodes run to join the cluster:
docker swarm join --token SWMTKN-1-3v46nt5v1uinmnl6x6ggxx1w7nbbh3yqzs5mu0gloxg58u7ntv-6eazokhvzyctk5ycl3msba36a 192.168.33.11:2377
You can also print the join command again with:
docker swarm join-token worker
If your Docker host has multiple network cards and multiple IP addresses, you must use --advertise-addr to specify the IP address.
Nodes that run the docker swarm init command automatically become management nodes.
The docker info command is used to check the swarm cluster status.
Joining the working nodes to the swarm cluster
Run the join command above on each work node (watch your firewall, preferably turn it off)
docker swarm join --token SWMTKN-1-3v46nt5v1uinmnl6x6ggxx1w7nbbh3yqzs5mu0gloxg58u7ntv-6eazokhvzyctk5ycl3msba36a 192.168.33.11:2377
If you see "This node joined a swarm as a worker.", the join succeeded.
Node02 and Node03 are added to the cluster.
View the information on the management node
docker node ls
For high availability, we promote the work nodes to management nodes.
docker node promote node01
docker node promote node02
At this point we look at the cluster node information
The cluster status of node02 and node03 becomes Reachable because there can only be one Leader in a cluster. This is similar to ZooKeeper, but ZooKeeper uses Paxos and Swarm uses Raft.
Leaving the Swarm
If you want to exit the Swarm, run the following command on your manager node:
docker swarm leave
If there are other Worker nodes in the cluster and you want the Manager to exit the cluster, add a force option as shown in the following command line:
docker swarm leave --force
Drain the containers from a node.
docker node update --availability drain xxxxxxxxxxxx
Deleting a node (on the management node)
docker node rm xxxxxxxxxxxx
Docker swarm join token (docker swarm join-token)
Deploying applications on the cluster
Create a service
docker service create --replicas 1 --name <alias> <image ID>
# --replicas: specifies the number of services to run.
Publish port 80 in the nginx container to port 8080 on any node in the cluster
docker service create \
--name my-web \
--publish published=8080,target=80 \
--replicas 3 \
nginx
View services on the cluster
docker service ls
The service is published using ingress load balancing, and all nodes in the swarm cluster participate in the ingress routing mesh. Access any node IP plus the published port to reach the service.
192.168.33.11:8080 192.168.33.12:8080 192.168.33.13:8080
When accessing port 8080 on any node, Docker routes your request to an active container. On the cluster node itself, port 8080 may not actually be bound, but the routing mesh knows how to route traffic and prevent any port collisions from occurring.
Therefore, 192.168.33.11:8080, 192.168.33.12:8080, 192.168.33.13:8080 can all access nginx, which implements load balancing. Because --replicas 3 starts three containers running nginx, it is possible to check load balancing by changing the welcome page of the nginx on one node and then accessing it again.
Expansion and reduction (scale)
You can specify the number of containers to run with scale. Scale up (down) the service
docker service scale my-web=2
I can see from docker service ls that nginx has become 2 copies
The manager serves only as the management node
docker node update --availability drain manager
# node update: changes the node state
# --availability: three states
# active: normal
# pause: suspend
# drain
# 1. Exclude (the manager acts only as the management node)
docker node update --availability drain master
# 2. Allow
docker node update --availability active master
When the Manager is excluded, services running on it are migrated to other nodes
5. Rolling update service
Upgrade the image version of the service
docker service create \
--replicas 3 \
--name redis \
--update-delay 10s \
redis:3.0.6
# Start redis with 3 replicas
# --update-delay 10s: each container is updated 10 seconds later
Rolling update
docker service update --image redis:3.0.7 redis
# --image: specifies the version
After the update is complete, you can view the new version and history
Viewing Configuration Information
Service update and rollback strategies
docker service create \
--name my-web \
--replicas 10 \
--update-delay 10s \
--update-parallelism 2 \
--update-failure-action continue \
--rollback-parallelism 2 \
--rollback-monitor 20s \
--rollback-max-failure-ratio 0.2 \
nginx:1.12.1
# --update-parallelism 2: allow two tasks to be updated at the same time
# --update-failure-action continue: the action is to continue after an update fails
# --rollback-parallelism 2: allow two of them to roll back together
# --rollback-monitor 20s: monitor each rollback for 20s
# --rollback-max-failure-ratio 0.2: rollback failure rate 20%
If the service status is not set after execution, you can update the service status to the desired one
docker service update --rollback-monitor 20s my-web
docker service update --rollback-max-failure-ratio 0.2 my-web
# The values failed to be set in two places, so set them manually
Check the status
docker service inspect --pretty my-web
docker service ps my-web
Service updates
docker service update --image nginx:1.13 my-web
Update in pairs as set above
Update complete
Manual rollback (the policy is to roll back on failure, but there is no failure)
The nginx version was 1.13, now restore it to 1.12.1
docker service update --rollback my-web
The manual rollback is complete
Docker Stack and Docker Compose
- The Docker Stack ignores the “build” command and cannot use the stack command to build a new image, which requires the image to be pre-built. Docker-compose is therefore more suitable for development scenarios.
- Docker Compose is a Python project that internally uses the Docker API specification to manipulate containers. Docker-compose needs to be installed for use with Docker on your computer.
- The Docker Stack function is included in the Docker engine. You don’t need to install additional packages to use it, Docker Stacks is just part of Swarm Mode.
- Docker Stack does not support a docker-compose.yml written for version 2; the file must be at least version 3. Docker Compose, however, can still handle files with versions 2 and 3.
- Docker Stack does all the work for Docker Compose, so the Docker stack will dominate. At the same time, switching to Docker Stack is neither difficult nor expensive for most users. If you are new to Docker, or are choosing a technology for a new project, use Docker Stack.
Docker Stack common commands
Command | Description |
---|---|
docker stack deploy | Deploy a new stack or update an existing stack |
docker stack ls | Lists the existing stacks |
docker stack ps | Lists the tasks in the stack |
docker stack rm | Remove one or more stacks |
docker stack services | Lists the services in the stack |
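The my-web service from the update and rollback section, expressed as a version 3 stack file, as an added example that is not part of the original article: each docker service create flag used there maps to a key under deploy. The helper name write_stack_file, the file name and the stack name demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).
# write_stack_file PATH  (hypothetical helper name)
# Writes a stack file equivalent to the "docker service create" command
# used for my-web in the update and rollback section.
write_stack_file() {
    cat > "$1" <<'EOF'
version: "3.7"              # rollback_config needs file format 3.7 or later
services:
  my-web:
    image: nginx:1.12.1     # must be pre-built; "build" is ignored by stack
    deploy:
      mode: replicated
      replicas: 10              # --replicas 10
      update_config:
        parallelism: 2          # --update-parallelism 2
        delay: 10s              # --update-delay 10s
        failure_action: continue  # --update-failure-action continue
      rollback_config:
        parallelism: 2          # --rollback-parallelism 2
        monitor: 20s            # --rollback-monitor 20s
        max_failure_ratio: 0.2  # --rollback-max-failure-ratio 0.2
EOF
}

# On a manager node ("demo" is a hypothetical stack name; the service is
# then listed as demo_my-web):
#   write_stack_file my-web-stack.yml
#   docker stack deploy -c my-web-stack.yml demo
#   docker stack services demo
#   docker stack ps demo
```
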