Docker Swarm Cluster Creation and Swarm Web Management

I. Environment Configuration

1. Installation environment

# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
# docker version
Client:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        
 OS/Arch:      linux/amd64

2. Install iptables and disable the firewalld firewall

# yum install iptables-services -y &&  systemctl enable iptables &&  service iptables save
# systemctl disable firewalld.service
# systemctl stop firewalld.service

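With firewalld disabled, Docker containers will fail to start properly unless iptables NAT is enabled.

  • Run sudo iptables -L | grep DOCKER. If the output is

    DOCKER     all  --  anywhere             anywhere
    Chain DOCKER (1 references)

    then everything is fine.

  • Otherwise, run iptables-save > /etc/sysconfig/iptables and edit the file to add the corresponding content: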

      *nat
      :PREROUTING ACCEPT [27:11935]
      :INPUT ACCEPT [0:0]
      :OUTPUT ACCEPT [598:57368]
      :POSTROUTING ACCEPT [591:57092]
      :DOCKER - [0:0]
      -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
      -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
      -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
      COMMIT
      # Completed on Sun Sep 20 17:35:31 2015
      # Generated by iptables-save v1.4.21 on Sun Sep 20 17:35:31 2015
      *filter
      :INPUT ACCEPT [139291:461018923]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [127386:5251162]
      :DOCKER - [0:0]
      -A FORWARD -o docker0 -j DOCKER
      -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
      -A FORWARD -i docker0 -o docker0 -j ACCEPT
      COMMIT
      # Completed on Sun Sep 20 17:35:31 2015

3. Enable Docker to listen on port 2375 on all host nodes; the configuration method differs between Docker versions

vim /etc/sysconfig/docker

......
# Add the content inside the '' after the OPTIONS parameter
OPTIONS='-H 0.0.0.0:2375 -H unix:///var/run/docker.sock'

or

# cat  /usr/lib/systemd/system/docker.service  |grep ExecStart
ExecStart=/usr/bin/dockerd   -H 0.0.0.0:2375  -H unix:///var/run/docker.sock

Restart the Docker service

systemctl daemon-reload    ## apply the configuration change
systemctl restart docker
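
Binding the daemon to 0.0.0.0:2375 serves the Docker API in plaintext with no authentication, so anyone who can reach the port controls the host's containers. The following check is an added example, not part of the original article: it flags dockerd option lines that open a TCP listener without --tlsverify, using the article's two settings and a hardened line whose certificate paths are assumed placeholders.

```shell
#!/bin/sh
# Added example: flag dockerd option lines that open a TCP listener without
# --tlsverify (client-certificate authentication). Certificate paths in the
# samples are placeholders.

# Prints one finding per unauthenticated TCP listener; returns 0 when clean.
audit_dockerd_opts() {
    # Strip quotes and the OPTIONS= prefix so both config styles parse alike.
    opts=$(printf '%s\n' "$1" | tr -d "'\"" | sed 's/^ *OPTIONS=//')
    case " $opts " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
        *) tls=no ;;
    esac
    insecure=0
    expect_host=no
    set -f    # no globbing while word-splitting $opts
    for word in $opts; do
        host=""
        if [ "$expect_host" = yes ]; then
            host=$word
            expect_host=no
        else
            case $word in
                -H|--host) expect_host=yes ;;
                -H=*)      host=${word#-H=} ;;
                --host=*)  host=${word#--host=} ;;
            esac
        fi
        [ -n "$host" ] || continue
        case $host in
            unix://*|fd://*) ;;    # local socket, guarded by file permissions
            *)  if [ "$tls" = no ]; then
                    printf 'TCP listener without --tlsverify: %s\n' "$host"
                    insecure=$((insecure + 1))
                fi ;;
        esac
    done
    set +f
    [ "$insecure" -eq 0 ]
}

# Constructed samples: the article's two settings, then a hardened unit line.
WEAK_SYSCONFIG="OPTIONS='-H 0.0.0.0:2375 -H unix:///var/run/docker.sock'"
WEAK_UNIT='ExecStart=/usr/bin/dockerd   -H 0.0.0.0:2375  -H unix:///var/run/docker.sock'
HARDENED_UNIT='ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock'

for sample in "$WEAK_SYSCONFIG" "$WEAK_UNIT" "$HARDENED_UNIT"; do
    if audit_dockerd_opts "$sample"; then echo "OK"; else echo "REVIEW"; fi
done
```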

II. Swarm Installation and Cluster Creation

1. Download the Swarm image

# docker pull swarm
# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/swarm     latest              36b1e23becab        4 months ago        15.85 MB

2. Create the Swarm

# docker swarm init --advertise-addr  192.168.23.56:2377
Swarm initialized: current node (4cejtuairtof6d0wjq88merwb) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-3kntv9pmgo1w2uk4yqk79v0lw0z35uw2k5j6rw7cns2v0xv3tn-2zqnn7e2zf1azaad2teeh9arw \
    192.168.23.56:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

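After the command above runs, this machine automatically joins the swarm cluster. The command creates a cluster token, a globally unique token that serves as the cluster's unique identifier. This token value is needed whenever other nodes are later added to the cluster.

The --advertise-addr parameter specifies the IP address that the other worker nodes in the swarm use to contact the manager. The command's output includes the command that other nodes run to join the cluster.

3. Add cluster nodes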

[[email protected] ~]# docker swarm join \
>     --token SWMTKN-1-3kntv9pmgo1w2uk4yqk79v0lw0z35uw2k5j6rw7cns2v0xv3tn-2zqnn7e2zf1azaad2teeh9arw \
>     192.168.23.56:2377
This node joined a swarm as a worker.

4. View cluster nodes

[[email protected] ~]# docker node list
ID                           HOSTNAME     STATUS  AVAILABILITY  MANAGER STATUS
4cejtuairtof6d0wjq88merwb *  along.party  Ready   Active        Leader
9388mi6e3fnk9l70g24cljhr5    kbsonlong    Ready   Active

// Take the kbsonlong node offline. To delete the node instead, the command is "docker node rm --force kbsonlong"
[[email protected] ~]# docker node update --availability drain kbsonlong  
kbsonlong
[[email protected] ~]# docker node list
ID                           HOSTNAME     STATUS  AVAILABILITY  MANAGER STATUS
4cejtuairtof6d0wjq88merwb *  along.party  Ready   Active        Leader
9388mi6e3fnk9l70g24cljhr5    kbsonlong    Ready   Drain         
[[email protected] ~]#
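// The kbsonlong node's availability is now Drain, so it no longer receives task assignments, and tasks it had already accepted are moved to other nodes.

// Change it back to active (that is, bring the drained node back online)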
[[email protected] ~]# docker node update --availability active kbsonlong
kbsonlong
[[email protected] ~]# docker node list
ID                           HOSTNAME     STATUS  AVAILABILITY  MANAGER STATUS
4cejtuairtof6d0wjq88merwb *  along.party  Ready   Active        Leader
9388mi6e3fnk9l70g24cljhr5    kbsonlong    Ready   Active        
[[email protected] ~]#

1. Install Portainer

# docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer
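-d runs the container in detached mode
-p maps a container port to a host port, in the form HOST port:container port
-v mounts (maps) a container path to the corresponding location on the host; here it selects the Docker socket as the communication method
portainer/portainer is the image name

Portainer also supports communication over TCP. The start command is: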
# docker run -d -p 9000:9000 portainer/portainer -H tcp://<REMOTE_HOST>:<REMOTE_PORT>

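Advantages
  1. Supports container management and image management
  2. Lightweight, with low resource consumption
  3. Built on the Docker API, with good security: the Docker API port can be specified, and TLS certificate authentication is supported.
  4. Supports permission assignment
  5. Supports clusters
Disadvantages
  1. Not feature-rich enough.
  2. After a container is created, ports cannot be added through the admin interface.

One-step installation script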

curl -sSL https://shipyard-project.com/deploy | bash -s

Note: because Shipyard uses the shipyard-proxy container as a proxy, the tcp 0.0.0.0:2375 listener in the Docker configuration must be turned off
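
Piping the download straight into bash runs whatever the server returns at that moment. As an added example (not from the original article or the Shipyard project), the same installer can be saved to a file and run only when it matches a digest recorded after reviewing it; EXPECTED_SHA256 is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: run the Shipyard deploy script only if it matches a digest
# pinned at review time. EXPECTED_SHA256 is a placeholder, not a real value.

DEPLOY_URL="https://shipyard-project.com/deploy"    # URL from the article
EXPECTED_SHA256="<sha256-of-the-reviewed-script>"   # placeholder

# Print the SHA-256 hex digest of a file (sha256sum, or shasum where absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# Return 0 only when FILE exists and its digest equals EXPECTED.
installer_matches() {
    [ -f "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$2" ]
}

# Download to a file, verify it, then execute those exact bytes.
# Export ACTION / DISCOVERY first for the article's node-join variant.
run_pinned_installer() {
    tmp=$(mktemp) || return 1
    rc=1
    if ! curl -fsSL --proto '=https' -o "$tmp" "$DEPLOY_URL"; then
        echo "download failed: $DEPLOY_URL" >&2
    elif installer_matches "$tmp" "$EXPECTED_SHA256"; then
        rc=0
        bash "$tmp" || rc=$?
    else
        echo "digest mismatch, refusing to run $DEPLOY_URL" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}
```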

[[email protected] ~]# docker ps -a |grep shi
7122d3f37464        shipyard/shipyard:latest       "/bin/controller --de"   About an hour ago   Up About an hour    0.0.0.0:8080->8080/tcp                           shipyard-controller
b350b117d76d        swarm:latest                   "/swarm j --addr 172."   About an hour ago   Up About an hour    2375/tcp                                         shipyard-swarm-agent
a7feb0759efe        swarm:latest                   "/swarm m --replicati"   About an hour ago   Up About an hour    2375/tcp                                         shipyard-swarm-manager
3e784b0b2140        shipyard/docker-proxy:latest   "/usr/local/bin/run"     About an hour ago   Up About an hour    0.0.0.0:2375->2375/tcp                           shipyard-proxy
49f9700f0811        alpine                         "sh"                     About an hour ago   Up About an hour                                                     shipyard-certs
7fe4c0e821c1        microbox/etcd:latest           "/bin/etcd -addr 172."   About an hour ago   Up About an hour    0.0.0.0:4001->4001/tcp, 0.0.0.0:7001->7001/tcp   shipyard-discovery
e3750c5de7e2        rethinkdb                      "rethinkdb --bind all"   About an hour ago   Up About an hour    8080/tcp, 28015/tcp, 29015/tcp                   shipyard-rethinkdb
[[email protected] ~]#

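As shown, 7 Shipyard-related containers were started

1. shipyard-rethinkdb: data storage

2. shipyard-discovery: auto-discovery

3. shipyard-certs: authentication

4. shipyard-proxy: proxy

5. shipyard-swarm-manager: swarm manager node

6. shipyard-swarm-agent: swarm worker node

7. shipyard-controller: the Shipyard console, i.e. the web page

2. Add a Swarm worker node; with Shipyard, adding a Swarm node works a little differently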

curl -sSL https://shipyard-project.com/deploy | ACTION=node DISCOVERY=etcd://10.0.1.10:4001 bash -s
ACTION

This controls the action for the deployment. Available options are:

  • deploy: Deploy a new Shipyard instance
  • upgrade: Upgrade an existing instance (note: you will need to pass the same environment variables as when you deployed to keep the same configuration)
  • node: Add current Docker engine as a new Swarm node in the cluster
  • remove: Completely removes Shipyard

DISCOVERY (auto-discovery)

etcd://10.0.1.10:4001  the auto-discovery service on the manager node

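Advantages:
  1. Supports image management and container management.
  2. Supports console commands
  3. Monitors container resource consumption
  4. Supports swarm clusters; nodes can be added freely
  5. Supports user permission control; a given container can be set to read-only or manage permission for a given user.
  6. A Chinese-localized version is available
Disadvantages
  1. Starts many containers, which take up some resources on every node.
  2. The Swarm cluster it creates cannot use the Swarm service feature.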