共计 13561 个字符,预计需要花费 34 分钟才能阅读完成。
1:前言
在 docker1.12 版本之前,众所周知 dokcer 本身只能单机上运行,而集群则要依赖 mesos、kubernetes、swarm 等集群管理方案。其中 swarm 是 docker 公司自己的容器集群管理工具,在当时的热度还是低于前两者。docker1.12.0 版本发布中,Docker 公司出于战略眼光,将 swarm 集成到 docker-engine 中,使 docker 内置了集群解决方案。于是 swarm 这个“亲儿子”的江湖地位迅速提升,在 docker 集群方案中与 mesos,k8s 形成三足鼎立之势,在未来则大有赶超之势。
2:规划
IP 主机名 角色
10.10.32.245 swarm1 swarm manager
10.10.32.246 swarm2 worker node
10.10.32.247 swarm3 worker node
10.10.32.248 swarm4 worker node
3:集群通信原理
通过 /usr/lib/system.d/system/docker.service 配置开启 2375 管理端口
ExecStart=/usr/bin/dockerd -s overlay –insecure-registry registry.cntv.net -H tcp://0.0.0.0:2375 -H unix:///va
每个 node 节点上,都开启 2375 远程管理端口,swarm 集群管理通过 2375 管理端口来执行
4:swarm 调度原理
swarm 中实现调度功能的主要是 scheduler 模块,其中包括 Filter 和 strategy。
Filter:根据下发的任务的资源需求,用来过滤节点,从集群所有节点中找出满足条件的节点(比如资源足够,节点正常等等)
Strategy:用来在过滤出的节点中根据策略选择一个最优的节点(比如对找出的节点进行对比,找到资源最多的节点等等)
5:swarm 集群创建
(1)初始化 manager 节点
10.10.32.245
$docker swarm init --advertise-addr 10.10.32.245 Swarm initialized: current node (b73yii7s7rn321ejz8n3ch7ay) is now a manager. To add a worker to this swarm, run the following command: docker swarm join \ --token SWMTKN-1-2z3obrzww2zcnwaiq5dzocpmvz9kty25usroy3gh3xux0l32uo-8dxurdbms8yli2crdxbmyk7y2 \ 10.10.32.245:2377 To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.(2)manage 查看节点 swarm 状态
10.10.32.245
$docker info Swarm: active NodeID: ax13h89zlb5dqw980ddo1ox4f Is Manager: true ClusterID: d5nam0mink4wdk506o1ybbs9e Managers: 1 Nodes: 1 (3)manage 查看 swarm 节点
10.10.32.245
$ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ax13h89zlb5dqw980ddo1ox4f * swarm1 Ready Active Leader (4)node 节点加入 swarm 集群
10.10.32.246 10.10.32.247 10.10.32.248
$ docker swarm join-token manager #manage 上查询加入命令及 token To add a manager to this swarm, run the following command: docker swarm join \ --token SWMTKN-1-2z3obrzww2zcnwaiq5dzocpmvz9kty25usroy3gh3xux0l32uo-8dxurdbms8yli2crdxbmyk7y2 \ 10.10.32.245:2377 $ docker swarm join \ --token SWMTKN-1-2z3obrzww2zcnwaiq5dzocpmvz9kty25usroy3gh3xux0l32uo-8dxurdbms8yli2crdxbmyk7y2 \ 10.10.32.245:2377 This node joined a swarm as a worker (5)manage 查看 swarm 节点
$ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 03b5w49n7uz663xwjuof3dsk0 swarm4 Ready Active 0g039jomhpad819a39yvkow6y swarm2 Ready Active 4kos85v5z6jh6lahwv8yjpku8 swarm3 Ready Active ax13h89zlb5dqw980ddo1ox4f * swarm1 Ready Active Leader (6)使节点离开集群
$ docker swarm leave Node left the swarm.6:在 swarm 集群上创建服务
(1)创建服务
$docker service create --network net3 --replicas 4 -p 8099:80 --name time-php registry.cntv.net/heqin/tvtime-php:v0.85dongsi bdkwsgchcydz5ixatrbiyr1fx(2)查看服务
$ docker service ls # 查看服务 ID NAME REPLICAS IMAGE COMMAND bdkwsgchcydz time-php 4/4 registry.cntv.net/heqin/tvtime-php:v0.85dongsi
$docker service ps time-php # 查看服务的实例 ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR d15ambrdd7pyi22951vi497xa time-php.1 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm4 Running Running 5 minutes ago 3wtmmggo65cmyutg7zwikb94s time-php.2 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm3 Running Running 5 minutes ago 5ulbhndwgswpicx8g62af8k5z time-php.3 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm2 Running Running 5 minutes ago 4b9rh8aiwfi88xrdgmyss9ili time-php.4 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm2 Running Running 5 minutes ago $docker service inspect time-php # 查看服务的详细信息 [ { "ID": "bdkwsgchcydz5ixatrbiyr1fx", "Version": { "Index": 3074 }, "CreatedAt": "2016-08-31T01:41:18.892483521Z", "UpdatedAt": "2016-08-31T01:41:18.909164422Z", "Spec": { "Name": "time-php", "TaskTemplate": { "ContainerSpec": { "Image": "registry.cntv.net/heqin/tvtime-php:v0.85dongsi" }, "Resources": { "Limits": {}, "Reservations": {} }, "RestartPolicy": { "Condition": "any", "MaxAttempts": 0 }, "Placement": {} }, "Mode": { "Replicated": { "Replicas": 4 } }, "UpdateConfig": { "Parallelism": 1, "FailureAction": "pause" }, "Networks": [ { "Target": "d83qc9rgkkj1ws8kvmod4x759" } ], "EndpointSpec": { "Mode": "vip", "Ports": [ { "Protocol": "tcp", "TargetPort": 80, "PublishedPort": 8099 } ] } }, "Endpoint": { "Spec": { "Mode": "vip", "Ports": [ { "Protocol": "tcp", "TargetPort": 80, "PublishedPort": 8099 } ] }, "Ports": [ { "Protocol": "tcp", "TargetPort": 80, "PublishedPort": 8099 } ], "VirtualIPs": [ { "NetworkID": "biu7m9hi8fgbbihfzg48whxqi", "Addr": "10.255.0.19/16" }, { "NetworkID": "d83qc9rgkkj1ws8kvmod4x759", "Addr": "10.88.0.2/24" } ] }, "UpdateStatus": { "StartedAt": "0001-01-01T00:00:00Z", "CompletedAt": "0001-01-01T00:00:00Z" } } ] (3)扩展服务实例数
$ docker service scale time-php=10 time-php scaled to 10 $ docker service lsID NAME REPLICAS IMAGE bdkwsgchcydz time-php 6/6 registry.cntv.net/heqin/tvtime-php:v0.85dongsi (4)更新服
$ docker service update --image registry.cntv.net/heqin/tvtime-php:v0.84xidan --log-driver=syslog time-php time-php $ docker service lsID NAME REPLICAS IMAGE bdkwsgchcydz time-php 6/6 registry.cntv.net/heqin/tvtime-php:v0.84xidan
(5)删除服务
$docker service rm time-php time-php 7:网络
(1)查看容器网络
$docker network lsNETWORK ID NAME DRIVER SCOPE a17f16650bf9 bridge bridge local # 容器使用独立网络 Namespace,连接 docker0 虚拟网卡(默认模式)f1c102babcf8 host host local # 容器与主机共享网络 Namespace,拥有主机相同网卡 b6a2efce65ef none null local # 容器没有任何网卡,适合不需要与外部通信的容器 asa2hv41mtci ingress overlay swarm #swarm 集群的的 overlay 网络,容器可以跨主机网络通信注:上面三个网络是 docker 安装后默认带的三个网络,第四个 overlay 网络是启动 swarm 之后默认创建的 overlay 网络。
(2)查看 overlay 网络信息
$docker network inspect ingress [ { "Name": "ingress", "Id": "asa2hv41mtci2qzjkaonusnc8", "Scope": "swarm", "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "10.255.0.0/16", "Gateway": "10.255.0.1" } ] }, "Internal": false, "Containers": null, "Options": { "com.docker.network.driver.overlay.vxlanid_list": "258" }, "Labels": null } ](3)创建自定义的 overlay 网络
$docker network create --driver=overlay --subnet=10.88.0.0/24 --gateway=10.88.0.1 net3 c654pb76q9jnni5bpdvd34rg4 $docker network lsNETWORK ID NAME DRIVER SCOPE c654pb76q9jn net3 overlay swarm $docker network inspect net3 [ { "Name": "net3", "Id": "c654pb76q9jnni5bpdvd34rg4", "Scope": "swarm", "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "10.88.0.0/24", "Gateway": "10.88.0.1" } ] }, "Internal": false, "Containers": null, "Options": { "com.docker.network.driver.overlay.vxlanid_list": "258" }, "Labels": null } 注:在 manage 上创建 overlay 网络后,各 node 上并没有同步创建该网络,只有当使用该 overlay 网络的容器在 node 节点上运行时,才会在 node 节点上自动创建, 容器删除后,网络也会在 node 节点上删除。
(4)将容器绑定到自定义的网络中
$docker service create --network net3 --replicas 4 --name time-php registry.cntv.net/heqin/tvtime-php:v0.85dongsi 5qiv4hhv7ra5p65fpq2v6ok0x $docker service ls5qiv4hhv7ra5 time-php 4/4 registry.cntv.net/heqin/tvtime-php:v0.85dongsi $docker service ps time-php ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR 529kuyazgxxl8l0eds4f740nu time-php.1 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm3 Running Running 32 seconds ago brdelpbuwm3p9cujy6k78cpzo time-php.2 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm3 Running Running 33 seconds ago 3csp6fmrsg5cvski270732q98 time-php.3 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm2 Running Running 34 seconds ago 2ismj5zt9o3t2hfe1j1lx7dcw time-php.4 registry.cntv.net/heqin/tvtime-php:v0.85dongsi swarm4 Running Running 33 seconds ago进入 swarm3,可以看到 net3 网络下有两个容器。
$docker docker network inspect net3 [ { "Name": "net3", "Id": "d83qc9rgkkj1ws8kvmod4x759", "Scope": "swarm", "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "10.88.0.0/24", "Gateway": "10.88.0.1" } ] }, "Internal": false, "Containers": { "d465611683b69f20c28ec9eb276a9e4088867e35508ecf2bf28c07c5d3e1b33a": { "Name": "time-php.1.529kuyazgxxl8l0eds4f740nu", "EndpointID": "ca667c89550f88eabf54eeaaaa3c55c678ec8184f121fc845bbaab1cd4be20ff", "MacAddress": "02:42:0a:58:00:05", "IPv4Address": "10.88.0.5/24", "IPv6Address": "" }, "d8fa64c4f8357418304ed1f19a049e4aac196c94ef50a27a0686ebe4ee734225": { "Name": "time-php.2.brdelpbuwm3p9cujy6k78cpzo", "EndpointID": "ab45bcf8e73d114e9bdf97cac128750a6c7a073149783746a9962c6cd4c599a8", "MacAddress": "02:42:0a:58:00:06", "IPv4Address": "10.88.0.6/24", "IPv6Address": "" } }, "Options": { "com.docker.network.driver.overlay.vxlanid_list": "257" }, "Labels": {} } 用 swarm3 的容器去 ping swarm2 主机上的容器,是可以 ping 通的
$docker exec -it d8fa64c4f835 ping 10.88.0.3 PING 10.88.0.3 (10.88.0.3) 56(84) bytes of data. 64 bytes from 10.88.0.3: icmp_seq=1 ttl=64 time=0.611 ms 64 bytes from 10.88.0.3: icmp_seq=2 ttl=64 time=5.45 ms 64 bytes from 10.88.0.3: icmp_seq=3 ttl=64 time=0.439 ms 64 bytes from 10.88.0.3: icmp_seq=4 ttl=64 time=0.586 ms 64 bytes from 10.88.0.3: icmp_seq=5 ttl=64 time=0.603 ms 8:swarm 基本命令
swarm 集群创建与管理
docker swarm Command
Commands:
init Initialize a swarm
join Join a swarm as a node and/or manager
join-token Manage join tokens
update Update the swarm
leave Leave a swarm
swarm 服务创建与管理
docker service Command
Commands:
create Create a new service
inspect Display detailed information on one or more services
ps List the tasks of a service
ls List services
rm Remove one or more services
scale Scale one or multiple services
update Update a service
swarm 服务创建选项
docker service create [OPTIONS] IMAGE
Options:
–constraint value Placement constraints (default [])
–container-label value Container labels (default [])
–endpoint-mode string Endpoint mode (vip or dnsrr)
-e, –env value Set environment variables (default [])
–help Print usage
-l, –label value Service labels (default [])
–limit-cpu value Limit CPUs (default 0.000)
–limit-memory value Limit Memory (default 0 B)
–log-driver string Logging driver for service
–log-opt value Logging driver options (default [])
–mode string Service mode (replicated or global) (default “replicated”)
–mount value Attach a mount to the service
–name string Service name
–network value Network attachments (default [])
-p, –publish value Publish a port as a node port (default [])
–replicas value Number of tasks (default none)
–reserve-cpu value Reserve CPUs (default 0.000)
–reserve-memory value Reserve Memory (default 0 B)
–restart-condition string Restart when condition is met (none, on-failure, or any)
–restart-delay value Delay between restart attempts (default none)
–restart-max-attempts value Maximum number of restarts before giving up (default none)
–restart-window value Window used to evaluate the restart policy (default none)
–stop-grace-period value Time to wait before force killing a container (default none)
–update-delay duration Delay between updates
–update-failure-action string Action on update failure (pause|continue) (default “pause”)
–update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
-u, –user string Username or UID
9:利用 2375 端口远程管理
注:-H 指定远程地址和端口,即可在任意一台有 docker 客户端的机器远程操作 swarm 集群
$docker -H 10.00.32.245:2375 service lsID NAME REPLICAS IMAGE COMMAND 3e0ihi2lnnaa test_api 1/1 registry.cntv.net/heqin/api-web:1.1 5mdqw6r53tom test_apimem 1/1 registry.cntv.net/heqin/memcache-1.4 5ucxo9wqywo9 test_tomcatmem 1/1 registry.cntv.net/heqin/memcache-1.4 cjd1z14ug28g HQtest_tvtime 5/5 registry.cntv.net/heqin/tvtime-php:v0.85dongsi ex4mahzt5k8u test_tomcat 1/1 registry.cntv.net/heqin/jdk7-tomcat7.0.52:201608011wq10:swarm 与 mesos 对比
(1):部署配置简单,集群管理便利,但是没有 web 管理界面
(2):每个节点无需手动安装 agent,集群间只需要通过暴露 tcp://2375 端口来保证节点间的通信。
(3):无需 bamboo 来做负载均衡,swarm 集群使用 IPVS 负载均衡
(4):无需 marathon、chrons 等调度组件,swarm 内置调度模块。
更多 Docker 相关教程见以下内容:
Docker 安装应用(CentOS 6.5_x64) http://www.linuxidc.com/Linux/2014-07/104595.htm
Ubuntu 14.04 安装 Docker http://www.linuxidc.com/linux/2014-08/105656.htm
Ubuntu 使用 VNC 运行基于 Docker 的桌面系统 http://www.linuxidc.com/Linux/2015-08/121170.htm
阿里云 CentOS 6.5 模板上安装 Docker http://www.linuxidc.com/Linux/2014-11/109107.htm
Ubuntu 15.04 下安装 Docker http://www.linuxidc.com/Linux/2015-07/120444.htm
在 Ubuntu Trusty 14.04 (LTS) (64-bit)安装 Docker http://www.linuxidc.com/Linux/2014-10/108184.htm
在 Ubuntu 15.04 上如何安装 Docker 及基本用法 http://www.linuxidc.com/Linux/2015-09/122885.htm
Ubuntu 16.04 上 Docker 使用手记 http://www.linuxidc.com/Linux/2016-12/138490.htm
Docker 的详细介绍:请点这里
Docker 的下载地址:请点这里
本文永久更新链接地址:http://www.linuxidc.com/Linux/2017-03/142151.htm
