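1️⃣ What is Docker Swarm?
- What is Docker Swarm?
Docker Swarm is Docker's cluster management tool. Its main job is to abstract several Docker hosts into a single unit and to manage the Docker resources on those hosts through one entry point. Docker Swarm organizes one or more Docker nodes so that users can manage them as a cluster.
- Docker Swarm components
A swarm cluster consists of manager nodes (Manager) and worker nodes (Worker).
Manager nodes: responsible for managing the whole cluster, including cluster configuration, service management and all other cluster-related work, such as monitoring cluster state and dispatching tasks to worker nodes.
Worker nodes: responsible for executing the tasks that run services.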
2️⃣ Docker Swarm command reference
```
# List the docker swarm subcommands
[root@docker01 ~]# docker swarm

Usage:  docker swarm COMMAND

Manage Swarm

Commands:
  ca          Display and rotate the root CA
  init        Initialize a swarm
  join        Join a swarm as a node and/or manager
  join-token  Manage join tokens
  leave       Leave the swarm
  unlock      Unlock swarm
  unlock-key  Manage the unlock key
  update      Update the swarm

Run 'docker swarm COMMAND --help' for more information on a command.

# Show the options of docker swarm init, the command that initializes a cluster
[root@docker01 ~]# docker swarm init --help

Usage:  docker swarm init [OPTIONS]

Initialize a swarm

Options:
      --advertise-addr string                  Advertised address (format: <ip|interface>[:port])
      --autolock                               Enable manager autolocking (requiring an unlock key to start a stopped manager)
      --availability string                    Availability of the node ("active"|"pause"|"drain") (default "active")
      --cert-expiry duration                   Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
      --data-path-addr string                  Address or interface to use for data path traffic (format: <ip|interface>)
      --data-path-port uint32                  Port number to use for data path traffic (1024 - 49151). If no value is set or is set to 0, the default port (4789) is used.
      --default-addr-pool ipNetSlice           default address pool in CIDR format (default [])
      --default-addr-pool-mask-length uint32   default address pool subnet mask length (default 24)
      --dispatcher-heartbeat duration          Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
      --external-ca external-ca                Specifications of one or more certificate signing endpoints
      --force-new-cluster                      Force create a new cluster from current state
      --listen-addr node-addr                  Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
      --max-snapshots uint                     Number of additional Raft snapshots to retain
      --snapshot-interval uint                 Number of log entries between Raft snapshots (default 10000)
      --task-history-limit int                 Task history retention limit (default 5)
```
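3️⃣ Docker Swarm cluster node planning
To take advantage of swarm mode's fault-tolerance features, run an odd number of nodes, sized to your organization's high-availability requirements. With multiple managers, you can recover from the failure of a manager node without downtime.
- A three-manager swarm tolerates the loss of at most one manager.
- A five-manager swarm tolerates the simultaneous loss of at most two manager nodes.
- A seven-manager swarm tolerates the simultaneous loss of at most three manager nodes.
- A nine-manager swarm tolerates the simultaneous loss of at most four manager nodes.
- Docker recommends at most seven manager nodes per swarm.
(Adding more managers does not mean better scalability or performance. In general, the opposite is true.)

| Hostname | IP address | Docker version | Role | Notes |
| --- | --- | --- | --- | --- |
| manager01 | 192.168.200.81 | 20.10.14 | Manager node | Primary manager |
| manager02 | 192.168.200.82 | 20.10.14 | Manager node | Secondary manager |
| manager03 | 192.168.200.83 | 20.10.14 | Manager node | Secondary manager |
| worker01 | 192.168.200.91 | 20.10.14 | Worker node | Worker |
| worker02 | 192.168.200.92 | 20.10.14 | Worker node | Worker |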
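4️⃣ Creating a highly available Docker Swarm cluster: step-by-step demo
The work is done in two steps:
- ① Initialize the first manager node (init)
- ② Join the remaining nodes (manager, worker)
📃 Environment preparation
- 1. Set the hostname
- 2. Configure the IP address
- 3. Disable the firewall and SELinux
- 4. Configure the system YUM repositories and the Docker registry mirror
- 5. Update the system (yum update -y)
- 6. Install Docker
```
# Check the Docker version
[root@docker-m1 ~]# docker -v
Docker version 20.10.14, build a224086

# Default networks once Docker is installed
[root@docker ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
a656864d027c   bridge    bridge    local
9fd62dbfb07f   host      host      local
27700772b8f7   none      null      local
```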
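For hosts where firewalld stays enabled instead of being turned off as in step 3, the following added example (not part of the original post) prints firewalld rich rules that admit Swarm traffic only from the other nodes in the planning table. It assumes the standard Swarm ports: 2377/tcp for cluster management, 7946/tcp and 7946/udp for node-to-node communication, and 4789/udp for the overlay data path; the helper name `swarm_fw_rules` and its arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Prints firewalld commands only;
# nothing is applied until the output is reviewed and run as root.

# Node addresses taken from the planning table in section 3.
MANAGERS="192.168.200.81 192.168.200.82 192.168.200.83"
WORKERS="192.168.200.91 192.168.200.92"

# swarm_fw_rules ROLE SELF_IP   (hypothetical helper)
#   ROLE     manager | worker
#   SELF_IP  address of the node the rules are generated for
swarm_fw_rules() {
  role=$1
  self=$2
  # Every node: 7946/tcp+udp (node-to-node communication), 4789/udp (overlay data path)
  ports="7946/tcp 7946/udp 4789/udp"
  # Only managers listen on 2377/tcp (cluster management, the default --listen-addr port)
  if [ "$role" = "manager" ]; then
    ports="2377/tcp $ports"
  fi
  for peer in $MANAGERS $WORKERS; do
    if [ "$peer" = "$self" ]; then
      continue
    fi
    for p in $ports; do
      printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
        "$peer" "${p%/*}" "${p#*/}"
    done
  done
  echo "firewall-cmd --reload"
}

# Rules for manager01 (192.168.200.81)
swarm_fw_rules manager 192.168.200.81
```

Ports published by services need their own rules, and overlay networks created with encryption enabled also need IP protocol 50 (ESP) allowed between nodes.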
🎦 Create the cluster
```
$ docker swarm init --advertise-addr
```
🍎 docker-m1 configuration (manager)
```
# Create a new swarm and generate the first manager node. Run the command printed below to add worker nodes to the cluster.
[root@docker-m1 ~]# docker swarm init --advertise-addr 192.168.200.81
Swarm initialized: current node (34cug51p9dw83u2np594z6ej4) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-528o8bfk061miheduvuvnnohhpystvxnwiqfqqf04gou6n1wmz-3ixu6we70ghk69wghfrmo0y6a 192.168.200.81:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@docker-m1 ~]#
# Run the following command; it prints the command to run on a new manager node to add it to the cluster.
[root@docker-m1 ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-528o8bfk061miheduvuvnnohhpystvxnwiqfqqf04gou6n1wmz-1z6k8msio37as0vaa467glefx 192.168.200.81:2377

[root@docker-m1 ~]#
```
docker-m2 configuration (manager)
```
# Join the cluster as a manager node
[root@docker-m2 ~]# docker swarm join --token SWMTKN-1-528o8bfk061miheduvuvnnohhpystvxnwiqfqqf04gou6n1wmz-1z6k8msio37as0vaa467glefx 192.168.200.81:2377
This node joined a swarm as a manager.
```
docker-m3 configuration (manager)
```
# Join the cluster as a manager node
[root@docker-m3 ~]# docker swarm join --token SWMTKN-1-528o8bfk061miheduvuvnnohhpystvxnwiqfqqf04gou6n1wmz-1z6k8msio37as0vaa467glefx 192.168.200.81:2377
This node joined a swarm as a manager.
```
🍌 docker-n1 configuration (worker)
```
# Join the cluster as a worker node
[root@docker-n1 ~]# docker swarm join --token SWMTKN-1-528o8bfk061miheduvuvnnohhpystvxnwiqfqqf04gou6n1wmz-3ixu6we70ghk69wghfrmo0y6a 192.168.200.81:2377
This node joined a swarm as a worker.
```
docker-n2 configuration (worker)
```
# Join the cluster as a worker node
[root@docker-n2 ~]# docker swarm join --token SWMTKN-1-528o8bfk061miheduvuvnnohhpystvxnwiqfqqf04gou6n1wmz-3ixu6we70ghk69wghfrmo0y6a 192.168.200.81:2377
This node joined a swarm as a worker.
```
🔨 Verify the configuration
Check the status of the cluster nodes
docker-m1 is the leader manager node, and docker-m2 and docker-m3 are standby manager nodes;
the two worker nodes docker-n1 and docker-n2 have also joined the cluster normally.
```
[root@docker-m1 ~]# docker node ls
ID                            HOSTNAME    STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
34cug51p9dw83u2np594z6ej4 *   docker-m1   Ready     Active         Leader           20.10.14
hwmwdk78u3rx0wwxged87xnun     docker-m2   Ready     Active         Reachable        20.10.14
4q34guc6hp2a5ok0g1zkjojyh     docker-m3   Ready     Active         Reachable        20.10.14
4om9sg56sg09t9whelbrkh8qn     docker-n1   Ready     Active                          20.10.14
xooolkg0g9epddfqqiicywshe     docker-n2   Ready     Active                          20.10.14
[root@docker-m1 ~]#
```
View the information for the whole Docker system
The output shows that the docker swarm cluster has been created.
There are five nodes in total, three of which are manager nodes.
```
[root@docker-m1 ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: 34cug51p9dw83u2np594z6ej4
  Is Manager: true
  ClusterID: v1r77dlrbucscss3tss6edpfv
  Managers: 3
  Nodes: 5
  Default Address Pool: 10.0.0.0/8
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 192.168.200.81
  Manager Addresses:
   192.168.200.81:2377
   192.168.200.82:2377
   192.168.200.83:2377
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1160.62.1.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.934GiB
 Name: docker-m1
 ID: YIQB:NBLI:MUUN:35IY:ESCK:QPI3:CIZP:U2AS:WV7D:E57G:H7CO:WBWI
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://w2kavmmf.mirror.aliyuncs.com/
 Live Restore Enabled: false

WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[root@docker-m1 ~]#
```
Inspect the cluster network
The output shows the IP address of every node in the cluster.
```
[root@docker-m1 ~]# docker network ls
NETWORK ID     NAME              DRIVER    SCOPE
a656864d027c   bridge            bridge    local
1359459aa236   docker_gwbridge   bridge    local
9fd62dbfb07f   host              host      local
6ipkh8htdyiv   ingress           overlay   swarm
27700772b8f7   none              null      local
[root@docker-m1 ~]# docker network inspect 6ipkh8htdyiv
[
    {
        "Name": "ingress",
        "Id": "6ipkh8htdyivqfqwcdcehu8mb",
        "Created": "2022-05-03T18:51:39.108622642+08:00",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": true,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "ingress-sbox": {
                "Name": "ingress-endpoint",
                "EndpointID": "aaa7e77674405f75c1ef8ecf563a5e1745778e9fa698863a243d32121c58dcc5",
                "MacAddress": "02:42:0a:00:00:02",
                "IPv4Address": "10.0.0.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4096"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "052c54656ba2",
                "IP": "192.168.200.81"
            },
            {
                "Name": "e9e6959ea728",
                "IP": "192.168.200.82"
            },
            {
                "Name": "08a7107b1250",
                "IP": "192.168.200.83"
            },
            {
                "Name": "b0e6bcd74c9f",
                "IP": "192.168.200.91"
            },
            {
                "Name": "0d537d72fb87",
                "IP": "192.168.200.92"
            }
        ]
    }
]
[root@docker-m1 ~]#
```
5️⃣ Changing roles: demoting a Manager to a Worker
Taking docker-m3 as the example, change the docker-m3 manager node from the manager role to the worker role.
```
# Show the help text
[root@docker-m1 ~]# docker node update -h
Flag shorthand -h has been deprecated, please use --help

Usage:  docker node update [OPTIONS] NODE

Update a node

Options:
      --availability string   Availability of the node ("active"|"pause"|"drain")
      --label-add list        Add or update a node label (key=value)
      --label-rm list         Remove a node label if exists
      --role string           Role of the node ("worker"|"manager")

# Run the following commands to change the docker-m3 manager node from the manager role to the worker role.
[root@docker-m1 ~]# docker node ls
ID                            HOSTNAME    STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
34cug51p9dw83u2np594z6ej4 *   docker-m1   Ready     Active         Leader           20.10.14
hwmwdk78u3rx0wwxged87xnun     docker-m2   Ready     Active         Reachable        20.10.14
4q34guc6hp2a5ok0g1zkjojyh     docker-m3   Ready     Active         Reachable        20.10.14
4om9sg56sg09t9whelbrkh8qn     docker-n1   Ready     Active                          20.10.14
xooolkg0g9epddfqqiicywshe     docker-n2   Ready     Active                          20.10.14
[root@docker-m1 ~]# docker node update --role worker docker-m3
docker-m3
[root@docker-m1 ~]# docker node ls
ID                            HOSTNAME    STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
34cug51p9dw83u2np594z6ej4 *   docker-m1   Ready     Active         Leader           20.10.14
hwmwdk78u3rx0wwxged87xnun     docker-m2   Ready     Active         Reachable        20.10.14
4q34guc6hp2a5ok0g1zkjojyh     docker-m3   Ready     Active                          20.10.14
4om9sg56sg09t9whelbrkh8qn     docker-n1   Ready     Active                          20.10.14
xooolkg0g9epddfqqiicywshe     docker-n2   Ready     Active                          20.10.14
[root@docker-m1 ~]#
```
```
# After the change, inspect the details of the docker-m3 node
# It has changed from a manager node to a worker node
[root@docker-m1 ~]# docker node inspect 4q34guc6hp2a5ok0g1zkjojyh
[
    {
        "ID": "4q34guc6hp2a5ok0g1zkjojyh",
        "Version": {
            "Index": 39
        },
        "CreatedAt": "2022-05-03T10:59:07.69499678Z",
        "UpdatedAt": "2022-05-03T11:27:02.178601504Z",
        "Spec": {
            "Labels": {},
            "Role": "worker",
            "Availability": "active"
        },
        "Description": {
            "Hostname": "docker-m3",
            "Platform": {
                "Architecture": "x86_64",
                "OS": "linux"
            },
            "Resources": {
                "NanoCPUs": 1000000000,
                "MemoryBytes": 2076499968
            },
            "Engine": {
                "EngineVersion": "20.10.14",
                "Plugins": [
                    {
                        "Type": "Log",
                        "Name": "awslogs"
                    },
                    {
                        "Type": "Log",
                        "Name": "fluentd"
                    },
                    {
                        "Type": "Log",
                        "Name": "gcplogs"
                    },
                    {
                        "Type": "Log",
                        "Name": "gelf"
                    },
                    {
                        "Type": "Log",
                        "Name": "journald"
                    },
                    {
                        "Type": "Log",
                        "Name": "json-file"
                    },
                    {
                        "Type": "Log",
                        "Name": "local"
                    },
                    {
                        "Type": "Log",
                        "Name": "logentries"
                    },
                    {
                        "Type": "Log",
                        "Name": "splunk"
                    },
                    {
                        "Type": "Log",
                        "Name": "syslog"
                    },
                    {
                        "Type": "Network",
                        "Name": "bridge"
                    },
                    {
                        "Type": "Network",
                        "Name": "host"
                    },
                    {
                        "Type": "Network",
                        "Name": "ipvlan"
                    },
                    {
                        "Type": "Network",
                        "Name": "macvlan"
                    },
                    {
                        "Type": "Network",
                        "Name": "null"
                    },
                    {
                        "Type": "Network",
                        "Name": "overlay"
                    },
                    {
                        "Type": "Volume",
                        "Name": "local"
                    }
                ]
            },
            "TLSInfo": {
                "TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBaTCCARCgAwIBAgIUYUzIe4mqhjKYxuilbhVByLwzzeMwCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMjIwNTAzMTA0NzAwWhcNNDIwNDI4MTA0\nNzAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABK8XzVHRM50TgsAxrgXg18ti69dkedf9LsaHm2I2ub9kKzkLsnTV+bIHGOHK\n0/Twi/B9OCFSsozUGDP7qR3/rRmjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBQ3iXSq5FKnODK2Qqic39A0bg9qjjAKBggqhkjO\nPQQDAgNHADBEAiASv1HdziErIzBJtsVMxfp8zAv0EJ5/eVeIldYdUIVNTQIgXUc3\nakty/iBy5/MhFt9JRRMV1xH1x+Dcf35tNWGH52w=\n-----END CERTIFICATE-----\n",
                "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh",
                "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErxfNUdEznROCwDGuBeDXy2Lr12R51/0uxoebYja5v2QrOQuydNX5sgcY4crT9PCL8H04IVKyjNQYM/upHf+tGQ=="
            }
        },
        "Status": {
            "State": "ready",
            "Addr": "192.168.200.83"
        }
    }
]
[root@docker-m1 ~]#
```
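The fault-tolerance figures in section 3 apply directly to this demotion, so the following added example (not part of the original post) computes the Raft quorum and remaining tolerance from a node list. The helper name `swarm_quorum`, the `|`-separated input format and the state labels are assumptions of this example, and the sample input is constructed from the node list shown after docker-m3 was demoted.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Input on stdin: one node per line as "HOSTNAME|MANAGER STATUS", e.g. from
#   docker node ls --format '{{.Hostname}}|{{.ManagerStatus}}'
# Worker nodes have an empty MANAGER STATUS field.

# swarm_quorum (hypothetical helper): prints manager count, Raft quorum size,
# how many more managers may fail, and a state label chosen for this example.
swarm_quorum() {
  awk -F'|' '
    $2 != ""                            { total++ }    # every manager counts toward quorum size
    $2 == "Leader" || $2 == "Reachable" { healthy++ }  # managers that can currently vote
    END {
      if (total == 0) { print "managers=0 state=NO_MANAGERS"; exit 1 }
      quorum = int(total / 2) + 1        # Raft needs a strict majority
      spare  = healthy - quorum
      if      (spare < 0)      state = "QUORUM_LOST"
      else if (spare == 0)     state = "NO_TOLERANCE"
      else if (total % 2 == 0) state = "EVEN_MANAGERS" # same tolerance as total-1
      else                     state = "OK"
      if (spare < 0) spare = 0
      printf "managers=%d healthy=%d quorum=%d can_lose=%d state=%s\n",
             total, healthy, quorum, spare, state
    }'
}

# Constructed sample: the node list from this page after docker-m3 was demoted.
AFTER_DEMOTE='docker-m1|Leader
docker-m2|Reachable
docker-m3|
docker-n1|
docker-n2|'
printf '%s\n' "$AFTER_DEMOTE" | swarm_quorum
```

The sample reports `state=NO_TOLERANCE`: with two managers the quorum is two, so losing either docker-m1 or docker-m2 leaves the swarm without a Raft majority.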