DockerSwarm基礎命令筆記

NO IMAGE

建立Docker叢集

建立管理節點

docker swarm init --advertise-addr 192.168.214.134
Swarm initialized: current node (fn141bj35cm6giol6lc4xrdbg) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4ktuevhnsdh0hiwicqfxqvr3m4zw8c6ew212n7veidkk9xa2mt-cwova8081btr4gi7k9mjlf6g3 192.168.214.134:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

建立visualizer容器,用於在web上檢視叢集內的服務狀態

docker run -it -d -p 8080:8080 --name visualizer -v /var/run/docker.sock:/var/run/docker.sock dockersamples/visualizer

在叢集中新增子節點

[email protected]:~$ docker swarm join --token SWMTKN-1-4ktuevhnsdh0hiwicqfxqvr3m4zw8c6ew212n7veidkk9xa2mt-cwova8081btr4gi7k9mjlf6g3 192.168.214.134:2377
This node joined a swarm as a worker.
[email protected]:~$ docker swarm join --token SWMTKN-1-4ktuevhnsdh0hiwicqfxqvr3m4zw8c6ew212n7veidkk9xa2mt-cwova8081btr4gi7k9mjlf6g3 192.168.214.134:2377
This node joined a swarm as a worker.

檢視節點資訊

[email protected]:~$ docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS
7p0i3e8o57eo3pi676hv5f0ub     worker1             Ready               Active              
fn141bj35cm6giol6lc4xrdbg *   Manager             Ready               Active              Leader
nvlhrn1vlrg1sn66hkyphxuyd     worker2             Ready               Active   

檢視節點的詳細資訊

[email protected]:~$ docker node inspect fn141bj35cm6giol6lc4xrdbg --pretty
ID:			fn141bj35cm6giol6lc4xrdbg
Hostname:              	Manager
Joined at:             	2017-07-14 03:01:26.170403463  0000 utc
Status:
State:			Ready
Availability:         	Active
Address:		192.168.214.134
Manager Status:
Address:		192.168.214.134:2377
Raft Status:		Reachable
Leader:		Yes
Platform:
Operating System:	linux
Architecture:		x86_64
Resources:
CPUs:			4
Memory:		3.842GiB
Plugins:
Log:		awslogs, fluentd, gcplogs, gelf, journald, json-file, logentries, splunk, syslog
Network:		bridge, host, macvlan, null, overlay
Volume:		local
Engine Version:		17.06.0-ce
TLS Info:
TrustRoot:
-----BEGIN CERTIFICATE-----
MIIBaTCCARCgAwIBAgIUCFPwjCnBaEq SqJQVqOg/gtxNwQwCgYIKoZIzj0EAwIw
EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNzE0MDI1NjAwWhcNMzcwNzA5MDI1
NjAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABGDUW/oycxQlKCAW4UkIw9s clf8HHwNVMDgLyVzuEm2ptmUo6UAMuD11F3D
LRS aFbI19MnxF55W25ZSQcVP5KjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
Af8EBTADAQH/MB0GA1UdDgQWBBSpBSKWON4N4dVYEtSrr5lwyo8hejAKBggqhkjO
PQQDAgNHADBEAiBF/IyG1jLiNeP2vClEC4UL97FfOU7ie22Xqz81bRD13gIgVRmu
7YhoqSxSnjOMyB738lzdH1/dft/pGHpJ/iZWPKI=
-----END CERTIFICATE-----
Issuer Subject:	MBMxETAPBgNVBAMTCHN3YXJtLWNh
Issuer Public Key:	MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYNRb jJzFCUoIBbhSQjD2z5yV/wcfA1UwOAvJXO4Sbam2ZSjpQAy4PXUXcMtFL5oVsjX0yfEXnlbbllJBxU/kg==

建立service


[email protected]:~# docker service create --name hellodocker alpine ping docker.com
w8ero71tzo1e6d42tiymrdoru
Since --detach=false was not specified, tasks will be created in the background.
In a future release, --detach=false will become the default.

檢視service

 [email protected]:~# docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
w8ero71tzo1e        hellodocker         replicated          1/1                 alpine:latest

檢視服務執行在哪個節點

[email protected]:~# docker service ps hellodocker
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE           ERROR                       PORTS
jyj6qqjzv8n8        hellodocker.1       alpine:latest       manager             Running             Running 2 seconds ago

如上,服務部署在 worker節點上,進入worker節點,在worker節點上執行 docker ps

[email protected]:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                  PORTS               NAMES
f7098b163c52        alpine:latest       "ping docker.com"   6 seconds ago       Up Less than a second                       hellodocker.1.jyj6qqjzv8n8g9rzu5snvg3ik

檢視logs

  [email protected]:~$ docker logs -f hellodocker.1.jyj6qqjzv8n8g9rzu5snvg3ik
ping: bad address 'docker.com' 

刪除服務

[email protected]:~# docker service rm hellodocker
hellodocker

使用docker service inspect –pretty <SERVICE-ID>檢視服務的詳細資訊

[email protected]:~$ docker service inspect --pretty helloworld
ID:		pc1s1ur24qgnvnasfd9n3mxhf
Name:		helloworld
Service Mode:	Replicated
Replicas:	3
Placement:
UpdateConfig:
Parallelism:	1
On failure:	pause
Monitoring Period: 5s
Max failure ratio: 0
Update order:      stop-first
RollbackConfig:
Parallelism:	1
On failure:	pause
Monitoring Period: 5s
Max failure ratio: 0
Rollback order:    stop-first
ContainerSpec:
Image:		alpine:[email protected]:1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe
Args:		ping 10.128.222.250
Resources:
Endpoint Mode:	vip

執行多個服務 ,例:執行3個服務,映象:alping 命令:ping 10.128.222.250

[email protected]:~# docker service create --replicas 3 --name helloworld alpine ping 10.128.222.250
pc1s1ur24qgnvnasfd9n3mxhf

檢視正在執行的“helloworld”服務

[email protected]:~# docker service ps helloworld
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE           ERROR               PORTS
p7bv5ccvyj6o        helloworld.1        alpine:latest       worker              Running             Running 2 minutes ago
pjyleutora9l        helloworld.2        alpine:latest       manager             Running             Running 2 minutes ago
8xygsa5sbpvi        helloworld.3        alpine:latest       worker              Running             Running 2 minutes ago

如上,服務1和3執行在worker節點上,2執行在manager節點上

[email protected]:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS              PORTS               NAMES
c55c29a5f1c0        alpine:latest       "ping 10.128.222.250"   4 minutes ago       Up 4 minutes                            helloworld.3.8xygsa5sbpviy40pe4nicvwak
a73f3449d93a        alpine:latest       "ping 10.128.222.250"   4 minutes ago       Up 4 minutes                            helloworld.1.p7bv5ccvyj6og1tv5okctv962
[email protected]:~# docker ps
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS              PORTS               NAMES
409c9619bb69        alpine:latest       "ping 10.128.222.250"   4 minutes ago       Up 4 minutes                            helloworld.2.pjyleutora9l4x9p8g32t5530

擴充套件或縮放服務中容器的數量,將helloworld服務中的容器數量從3個擴大到5個

$ docker service scale <SERVICE-ID>=<NUMBER-OF-TASKS>
[email protected]:~# docker service scale helloworld=5
helloworld scaled to 5
[email protected]:~# docker service ps helloworld
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
p7bv5ccvyj6o        helloworld.1        alpine:latest       worker              Running             Running 12 minutes ago
pjyleutora9l        helloworld.2        alpine:latest       manager             Running             Running 12 minutes ago
8xygsa5sbpvi        helloworld.3        alpine:latest       worker              Running             Running 12 minutes ago
ttqx93p6rx92        helloworld.4        alpine:latest       manager             Running             Running 58 seconds ago
rncrcscuehnr        helloworld.5        alpine:latest       manager             Running             Running 58 seconds ago

滾動更新

將Redis 3.0.6部署到群集,並配置群組10秒更新延遲

[email protected]:~$ docker service create \
>   --replicas 3 \
>   --name redis \
>   --update-delay 10s \
>   redis:3.0.6
3rtr2ryx6fte8fd101s4yom59

–update-delay引數用來設定服務的更新延時,S為秒,m為分鐘,h為小時。例如10m30s表示10分30s的延時。

預設情況下,排程程式一次更新1個任務。您可以傳遞該 –update-parallelism用來配置排程程式同時更新的最大服務任務數。

預設情況下,當對單個任務的更新返回“ RUNNING”,排程器會排程另一個任務以進行更新,直到所有任務更新為止。如果在更新期間的任何時間任務返回FAILED,則排程程式將暫停更新

檢查redis服務

[email protected]:~$ docker service inspect --pretty redis
ID:		3rtr2ryx6fte8fd101s4yom59
Name:		redis
Service Mode:	Replicated
Replicas:	3
Placement:
UpdateConfig:
Parallelism:	1
Delay:		10s
On failure:	pause
Monitoring Period: 5s
Max failure ratio: 0
Update order:      stop-first
RollbackConfig:
Parallelism:	1
On failure:	pause
Monitoring Period: 5s
Max failure ratio: 0
Rollback order:    stop-first
ContainerSpec:
Image:		redis:[email protected]:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842
Resources:
Endpoint Mode:	vip

更新redis映象

$ docker service update --image redis:3.0.7 redis
redis

預設情況下,排程程式應用滾動更新步驟如下:

  1. 停止第一個任務
  2. 開始更新第一個任務。
  3. 啟動更新任務的容器。
  4. 如果任務的更新返回RUNNING,等待指定的延遲時間,然後啟動下一個任務。
  5. 如果在更新期間的任何時間任務返回FAILED,則暫停更新。
  6. 更新任務完成後,執行更新後的容器(task)。
  7. 原容器用“_”標記

檢視新映象

$ docker service inspect --pretty redis
ID:		3rtr2ryx6fte8fd101s4yom59
Name:		redis
Service Mode:	Replicated
Replicas:	3
UpdateStatus:
State:		updating
Started:	About a minute
Message:	update in progress
Placement:
UpdateConfig:
Parallelism:	1
Delay:		10s
On failure:	pause
Monitoring Period: 5s
Max failure ratio: 0
Update order:      stop-first
RollbackConfig:
Parallelism:	1
On failure:	pause
Monitoring Period: 5s
Max failure ratio: 0
Rollback order:    stop-first
ContainerSpec:
Image:		redis:[email protected]6:730b765df9fe96af414da64a2b67f3a5f70b8fd13a31e5096fee4807ed802e20
Resources:
Endpoint Mode:	vip

執行docker service ps <SERVICE-ID>觀看滾動更新:

[email protected]:~$ docker service ps redis
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE              ERROR               PORTS
vxz4rvzwc16x        redis.1             redis:3.0.6         worker              Running             Running 16 hours ago                           
tji5dknrsos4        redis.2             redis:3.0.6         manager             Running             Running 16 hours ago                           
uorssaenlvj4        redis.3             redis:3.0.7         manager             Running             Preparing 10 minutes ago                       
qjkfvcidtmdu         \_ redis.3         redis:3.0.6         manager             Shutdown            Shutdown 10 minutes ago  

滾動更新結束

[email protected]:~$ docker service ps redis
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                 ERROR               PORTS
6hfvw17yg7we        redis.1             redis:3.0.7         worker              Running             Preparing 50 seconds ago                          
vxz4rvzwc16x         \_ redis.1         redis:3.0.6         worker              Shutdown            Shutdown 49 seconds ago                           
znkir2muje8n        redis.2             redis:3.0.7         manager             Running             Running about a minute ago                        
tji5dknrsos4         \_ redis.2         redis:3.0.6         manager             Shutdown            Shutdown about a minute ago                       
uorssaenlvj4        redis.3             redis:3.0.7         manager             Running             Running about a minute ago                        
qjkfvcidtmdu         \_ redis.3         redis:3.0.6         manager             Shutdown            Shutdown 15 minutes ago

更新節點狀態

排除(drain)群上的一個節點

當所有節點的“AVAILABILITY”都處於”Active”時,群管理器可以將任務分配給任何的ACTIVE節點。

當需要維護某一個節點時,可以將節點的設定為DRAIN。DRAIN可以阻止節點從叢集管理器接收心得任務。當節點處於DRAIN狀態時,叢集管理器會將節點上的服務自動遷移到其他節點上。

檢視節點的狀態(當前所有節點都處於Active狀態)

[email protected]:~$ docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS
9yezhc3cu7k0jk7535rpxfxr2 *   manager             Ready               Active              Leader
p704nr33kijnyqvkftng3maro     worker              Ready               Active  

執行docker service ps redis檢視服務的分佈狀態

[email protected]:~$ docker service ps redis
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE             ERROR               PORTS
6hfvw17yg7we        redis.1             redis:3.0.7         worker              Running             Running 14 minutes ago                        
vxz4rvzwc16x         \_ redis.1         redis:3.0.6         worker              Shutdown            Shutdown 25 minutes ago                       
znkir2muje8n        redis.2             redis:3.0.7         manager             Running             Running 25 minutes ago                        
tji5dknrsos4         \_ redis.2         redis:3.0.6         manager             Shutdown            Shutdown 25 minutes ago                       
uorssaenlvj4        redis.3             redis:3.0.7         manager             Running             Running 25 minutes ago                        
qjkfvcidtmdu         \_ redis.3         redis:3.0.6         manager             Shutdown            Shutdown 39 minutes ago   
[email protected]:~$ docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
3rtr2ryx6fte        redis               replicated          3/3                 redis:3.0.7

當前服務執行在3個節點上,manager節點上執行了2個,worker節點上執行了1個

執行docker node update –availability drain <NODE-ID>以排出分配給任務的節點:

[email protected]:~$ docker node update --availability drain worker
worker

檢查節點狀態(worker節點的AVAILABILITY顯示為Drain)

[email protected]:~$ docker node inspect --pretty worker
ID:			p704nr33kijnyqvkftng3maro
Hostname:              	worker
Status:
State:			Ready
Availability:         	Drain

執行docker service ps redis檢視服務的分佈狀態

[email protected]:~$ docker service ps redis
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS
yg6zrl3vvu9a        redis.1             redis:3.0.7         manager             Running             Running 9 minutes ago
znkir2muje8n        redis.2             redis:3.0.7         manager             Running             Running 40 minutes ago
uorssaenlvj4        redis.3             redis:3.0.7         manager             Running             Running 40 minutes ago
6hfvw17yg7we         \_ redis.1         redis:3.0.7         worker              Shutdown            Shutdown 9 minutes ago                           
vxz4rvzwc16x         \_ redis.1         redis:3.0.6         worker              Shutdown            Shutdown 39 minutes ago                          
tji5dknrsos4         \_ redis.2         redis:3.0.6         manager             Shutdown            Shutdown 40 minutes ago                          
qjkfvcidtmdu         \_ redis.3         redis:3.0.6         manager             Shutdown            Shutdown about an hour ago

叢集管理器會結束執行在“Drain狀態節點”上的服務,然後在Active狀態節點上建立新的服務。

執行 docker node update –availability active <NODE-ID>將排出的節點返回到活動狀態:

[email protected]:~$ docker node update --availability active worker
worker

檢視worker節點狀態

[email protected]:~$ docker node inspect --pretty worker
ID:			p704nr33kijnyqvkftng3maro
Hostname:              	worker
Joined at:             	2017-07-11 04:20:51.447858617  0000 utc
Status:
State:			Ready
Availability:         	Active
Address:		10.128.222.248

當節點設定回Active時,它可以接收新的任務:

  1. 在服務更新中擴大規模
  2. 在滾動更新期間
  3. 將另一個節點設定為Drain時
  4. 當任務在另一個活動節點上失敗時

增加服務的規模

[email protected]:~$ docker service scale redis=4
redis scaled to 4

檢視服務的分佈狀態

[email protected]:~$ docker service ps redis
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS
yg6zrl3vvu9a        redis.1             redis:3.0.7         manager             Running             Running 24 minutes ago                           
6hfvw17yg7we         \_ redis.1         redis:3.0.7         worker              Shutdown            Shutdown 24 minutes ago                          
vxz4rvzwc16x         \_ redis.1         redis:3.0.6         worker              Shutdown            Shutdown about an hour ago                       
znkir2muje8n        redis.2             redis:3.0.7         manager             Running             Running about an hour ago                        
tji5dknrsos4         \_ redis.2         redis:3.0.6         manager             Shutdown            Shutdown about an hour ago                       
uorssaenlvj4        redis.3             redis:3.0.7         manager             Running             Running about an hour ago                        
qjkfvcidtmdu         \_ redis.3         redis:3.0.6         manager             Shutdown            Shutdown about an hour ago                       
k8p5nq2bfims        redis.4             redis:3.0.7         worker              Running             Running 3 seconds ago 

此時,redis.4服務執行在worder節點上

建立Overlay網路

建立Overlay網路

[email protected]:~$ docker network create \
--driver overlay \
--subnet 10.0.9.0/24 \
--opt encrypted  my-network
mfgsjqhlo25kbm1zyxocx9t1h

檢視當前網路

[email protected]:~$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
86783e6b92b7        bridge              bridge              local
755b97bdc851        docker_gwbridge     bridge              local
b617a9638d1f        host                host                local
flc6fgfyvtcr        ingress             overlay             swarm
mfgsjqhlo25k        my-network          overlay             swarm
9a0834cc2206        none                null                local

建立my-web服務

[email protected]:~$ docker service create \
> --name my-web \
> --replicas 2 \
> --network my-network \
> nginx
el6s6hg8cncfgoz8czs53jltj

檢視執行中的服務

[email protected]:~$ docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
3rtr2ryx6fte        redis               replicated          1/1                 redis:3.0.7
el6s6hg8cncf        my-web              replicated          2/2                 nginx:latest

建立alpine服務,並指定network

[email protected]:~$ docker service create \
> --name my-alpine \
> --network my-network \
> alpine sleep 3600
2j3otip1b34hrrc2n76r4ziz2

檢視執行中的服務

[email protected]:~$ docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
2j3otip1b34h        my-alpine           replicated          1/1                 alpine:latest
3rtr2ryx6fte        redis               replicated          1/1                 redis:3.0.7
el6s6hg8cncf        my-web              replicated          2/2                 nginx:latest

檢視my-alpine服務資訊

[email protected]:~$ docker service ps my-alpine
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS
slgn5e52igwu        my-alpine.1         alpine:latest       manager             Running             Running about a minute ago

當前my-alpine服務執行在manager節點上

在mangager節點上檢視my-alpine服務,並進入服務所在的容器

[email protected]:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
5c1b3df82887        alpine:latest       "sleep 3600"             5 minutes ago       Up 5 minutes                            my-alpine.1.slgn5e52igwu684fkyh5t7xqa
f9a93a18d976        nginx:latest        "nginx -g 'daemon ..."   11 minutes ago      Up 10 minutes       80/tcp              my-web.1.n3g427taf3shssvrcqleqs55k
[email protected]:~$ docker exec -ti 5c1b3df82887 sh
/ #

使用nslookup my-web檢視服務web服務所在的ip地址

/ # nslookup my-web
Name:      my-web
Address 1: 10.0.9.2

檢視服務所關聯的所有task的ip地址

/ # nslookup tasks.my-web
nslookup: can't resolve '(null)': Name does not resolve
Name:      tasks.my-web
Address 1: 10.0.9.4 my-web.2.vt2gxa8yspduhswcrbtiswtpe.my-network
Address 2: 10.0.9.3 my-web.1.n3g427taf3shssvrcqleqs55k.my-network

通過wget訪問my-web服務

/ # wget -O-  my-web
Connecting to my-web (10.0.9.2:80)
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
-                    100% |*******************************|   612   0:00:00 ETA

叢集服務發現

通過 docker service update –publish-add 8080:80 my-web ,將本地的8080埠對映到叢集的80埠

Usage:	docker service update [OPTIONS] SERVICE
Update a service
Options:
--publish-add port                   Add or update a published
[email protected]:~$ docker service update --publish-add 8080:80 my-web
my-web

在外部網路通過8080埠訪問叢集內的my-web服務

訪問失敗(失敗原因:預設網路和Vcenter的預設網路衝突,刪除預設網路後自定義一個新的網段即可解決)

服務狀態正常,埠對映成功 外部依然無法訪問

[email protected]:~$ docker service ps my-web
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE             ERROR               PORTS
19ke911tnn15        my-web.1            nginx:latest        manager             Running             Running 10 minutes ago
n3g427taf3sh         \_ my-web.1        nginx:latest        manager             Shutdown            Shutdown 10 minutes ago
7hq3rgwn2t3u        my-web.2            nginx:latest        worker              Running             Running 10 minutes ago
vt2gxa8yspdu         \_ my-web.2        nginx:latest        worker              Shutdown            Shutdown 10 minutes ago
[email protected]:~$ docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
2j3otip1b34h        my-alpine           replicated          1/1                 alpine:latest
3rtr2ryx6fte        redis               replicated          1/1                 redis:3.0.7
el6s6hg8cncf        my-web              replicated          2/2                 nginx:latest        *:8080->80/tcp
[email protected]:~$ curl 10.128.222.244:8080
curl: (52) Empty reply from server
[email protected]:~$ ping 10.128.222.244
PING 10.128.222.244 (10.128.222.244) 56(84) bytes of data.
64 bytes from 10.128.222.244: icmp_seq=1 ttl=64 time=0.140 ms
64 bytes from 10.128.222.244: icmp_seq=2 ttl=64 time=0.143 ms

在本地用WorkStation搭建DockerSwarm成功。