运行 Docker 的主机可以主动初始化一个 Swarm 集群或者加入一个已存在的 Swarm 集群,这样这个运行 Docker 的主机就成为一个 Swarm 集群的节点 (node) 。
管理节点用于 Swarm 集群的管理,docker swarm 命令基本只能在管理节点执行(节点退出集群命令 docker swarm leave 可以在工作节点执行)。一个 Swarm 集群可以有多个管理节点,但只有一个管理节点可以成为 leader,leader 通过 raft 协议实现。
下发至工作节点执行。管理节点默认也作为工作节点。你也可以通过配置让服务只运行在管理节点。
任务 (Task)是 Swarm 中的最小的调度单位,目前来说就是一个单一的容器。
服务 (Services) 是指一组任务的集合,服务定义了任务的属性。服务有两种模式:
replicated services 按照一定规则在各个工作节点上运行指定个数的任务。
global services 每个工作节点上运行一个任务
两种模式通过 docker service create 的 --mode 参数指定。
[root@centos181001 nginx]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
[root@centos181001 nginx]# docker -v
Docker version 18.09.1, build 4c52b90
启动服务
docker service create nginx
docker service create -p 80:80 nginx
docker service create --replicas 5 nginx
停止某个服务并删除
docker service rm xenodochial_ritchie
查看已经在运行的服务
docker service ls
查看某个服务运行状态
docker service ps agitated_archimedes
增加和删除DNS
docker service update --dns-add 222.222.222.222 tender_hofstadter
docker service update --dns-rm 222.222.222.222 tender_hofstadter
增加和删除端口映射
docker service update --publish-add 80:80 xenodochial_ritchie
docker service update --publish-rm 80:80 xenodochial_ritchie
缩容和扩容
docker service scale tender_hofstadter=2
docker service scale tender_hofstadter=5
docker service
命令详解[root@centos181001 nginx]# docker service --help
Usage: docker service COMMAND
Manage services
Commands:
create Create a new service
inspect Display detailed information on one or more services
logs Fetch the logs of a service or task
ls List services
ps List the tasks of one or more services
rm Remove one or more services
rollback Revert changes to a service's configuration
scale Scale one or multiple replicated services
update Update a service
Run 'docker service COMMAND --help' for more information on a command.
create选项:创建一个新的服务
[root@centos181001 ~]# docker service create --help
Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]
Create a new service
Options:
--config config Specify configurations to expose to the service
--constraint list Placement constraints
--container-label list Container labels
容器标签
--credential-spec credential-spec Credential spec for managed service account (Windows only)
-d, --detach Exit immediately instead of waiting for the service to converge
立即退出而不是等待服务收敛
--dns list Set custom DNS servers
指定DNS
--dns-option list Set DNS options
设置DNS选项
--dns-search list Set custom DNS search domains
设置DNS搜索域
--endpoint-mode string Endpoint mode (vip or dnsrr) (default "vip")
端点模式 (vip or dnsrr) (default "vip")
--entrypoint command Overwrite the default ENTRYPOINT of the image
覆盖镜像的默认ENTRYPOINT
-e, --env list Set environment variables
设置环境变量
--env-file list Read in a file of environment variables
从配置文件读取环境变量
--generic-resource list User defined resources
--group list Set one or more supplementary user groups for the container
--health-cmd string Command to run to check health
健康检查命令
--health-interval duration Time between running the check (ms|s|m|h)
健康检查间隔 (ms|s|m|h)
--health-retries int Consecutive failures needed to report unhealthy
报告不健康需要连续失败次数
--health-start-period duration Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)
在重试计数到不稳定之前,开始容器初始化的时间段(ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h)
允许一次健康检查最长运行时间 (ms|s|m|h)
--host list Set one or more custom host-to-IP mappings (host:ip)
设置一个或多个自定义主机到IP映射 (host:ip)
--hostname string Container hostname
容器名称
--init Use an init inside each service container to forward signals and reap processes
在每个服务容器中使用init来转发信号并收集进程
--isolation string Service container isolation mode
服务容器隔离模式
-l, --label list Service labels
服务标签
--limit-cpu decimal Limit CPUs
CPU限制
--limit-memory bytes Limit Memory
内存限制
--log-driver string Logging driver for service
--log-opt list Logging driver options
--mode string Service mode (replicated or global) (default "replicated")
--mount mount Attach a filesystem mount to the service
--name string Service name
服务名称
--network network Network attachments
网络
--no-healthcheck Disable any container-specified HEALTHCHECK
--no-resolve-image Do not query the registry to resolve image digest and supported platforms
--placement-pref pref Add a placement preference
-p, --publish port Publish a port as a node port
发布端口
-q, --quiet Suppress progress output
简化输出
--read-only Mount the container's root filesystem as read only
将容器的根文件系统挂载为只读
--replicas uint Number of tasks
同时运行的副本数
--reserve-cpu decimal Reserve CPUs
为本服务需要预留的CPU资源
--reserve-memory bytes Reserve Memory
为本服务需要预留的内存资源
--restart-condition string Restart when condition is met ("none"|"on-failure"|"any") (default "any")
满足条件时重新启动("none"|"on-failure"|"any") (default "any")
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default 5s)
重启尝试之间的延迟 (ns|us|ms|s|m|h) (default 5s)
--restart-max-attempts uint Maximum number of restarts before giving up
放弃前的最大重启次数
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
--rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s)
任务回滚之间的延迟(ns|us|ms|s|m|h) (default 0s)
--rollback-failure-action string Action on rollback failure ("pause"|"continue") (default "pause")
回滚失败的操作("pause"|"continue") (default "pause")
--rollback-max-failure-ratio float Failure rate to tolerate during a rollback (default 0)
回滚期间容忍的失败率(default 0)
--rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 5s)
每次任务回滚后监视失败的持续时间 (ns|us|ms|s|m|h) (default 5s)
--rollback-order string Rollback order ("start-first"|"stop-first") (default "stop-first")
回滚选项("start-first"|"stop-first") (default "stop-first")
--rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once) (default 1)
同时回滚的最大任务数(0表示一次回滚)(默认值为1)
--secret secret Specify secrets to expose to the service
指定要公开给服务的秘钥
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default 10s)
在强行杀死容器之前等待的时间(ns|us|ms|s|m|h) (default 10s)
--stop-signal string Signal to stop the container
发出信号停止容器
-t, --tty Allocate a pseudo-TTY
分配伪终端
--update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s)
更新之间的延迟(ns|us|ms|s|m|h) (default 0s)
--update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause")
更新失败后选项("pause"|"continue"|"rollback") (default "pause")
--update-max-failure-ratio float Failure rate to tolerate during an update (default 0)
更新期间容忍的故障率(默认为0)
--update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s)
每次更新任务后监视失败的持续时间(ns | us | ms | s | m | h)(默认为5s)
--update-order string Update order ("start-first"|"stop-first") (default "stop-first")
更新选项 ("start-first"|"stop-first") (default "stop-first")
--update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
同时更新的最大任务数(0表示一次更新所有任务)(默认值为1)
-u, --user string Username or UID (format: [:])
--with-registry-auth Send registry authentication details to swarm agents
将注册表验证详细信息发送给swarm代理
-w, --workdir string Working directory inside the container
指定容器内工作目录(workdir)
inspect选项 - 显示一个或多个服务的详细信息
[root@centos181001 nginx]# docker service inspect --help
Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...]
Display detailed information on one or more services
Options:
-f, --format string Format the output using the given Go template
使用给定的Go模板格式化输出
--pretty Print the information in a human friendly format
以人性化的格式打印信息
logs选项 - 获取服务或任务的日志
[root@centos181001 nginx]# docker service logs --help
Usage: docker service logs [OPTIONS] SERVICE|TASK
Fetch the logs of a service or task
Options:
--details Show extra details provided to logs
-f, --follow Follow log output
持续输出日志,相当于``tail -f``
--no-resolve Do not map IDs to Names in output
不要将容器名称输出到日志,而使用CONTAINER ID
--no-task-ids Do not include task IDs in output
不要将task ID输出到日志
--no-trunc Do not truncate output
不要截断输出
--raw Do not neatly format logs
不要整齐地格式化日志(会将前边的容器ID信息等去掉,只保留原始日志内容)
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
显示自时间戳(例如2013-01-02T13:23:37)或相对(例如42分钟42分钟)以来的日志
--tail string Number of lines to show from the end of the logs (default "all")
从日志末尾显示的行数(默认为“全部”)
-t, --timestamps Show timestamps
显示时间戳
ls选项 - 列出服务
[root@centos181001 nginx]# docker service ls --help
Usage: docker service ls [OPTIONS]
List services
Aliases:
ls, list
Options:
-f, --filter filter Filter output based on conditions provided
根据提供的条件过滤输出
--format string Pretty-print services using a Go template
使用Go模板的漂亮打印服务
-q, --quiet Only display IDs
只显示服务ID
ps选项 - 列出一个或多个服务\tasks
[root@centos181001 nginx]# docker service ps --help
Usage: docker service ps [OPTIONS] SERVICE [SERVICE...]
List the tasks of one or more services
Options:
-f, --filter filter Filter output based on conditions provided
根据提供的条件过滤输出
--format string Pretty-print tasks using a Go template
使用Go模板的漂亮打印任务
--no-resolve Do not map IDs to Names
服务名和node名称不要显示名字,而显示ID
--no-trunc Do not truncate output
不要截断输出
-q, --quiet Only display task IDs
只输出task ID
rm选项 - 删除一个或多个服务
警告:与docker rm不同,此命令在删除正在运行的服务之前不要求确认。
[root@centos181001 nginx]# docker service rm --help
Usage: docker service rm SERVICE [SERVICE...]
Remove one or more services
Aliases:
rm, remove
rollback选项 - 回滚服务
[root@centos181001 nginx]# docker service rollback --help
Usage: docker service rollback [OPTIONS] SERVICE
Revert changes to a service's configuration
Options:
-d, --detach Exit immediately instead of waiting for the service to converge
立即退出而不是等待服务收敛
-q, --quiet Suppress progress output
抑制进度输出
scale选项 - 缩容或者扩容服务
[root@centos181001 nginx]# docker service scale --help
Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...]
Scale one or multiple replicated services
Options:
-d, --detach Exit immediately instead of waiting for the service to converge
立即退出而不是等待服务收敛
示例:
docker service scale tender_hofstadter=2
update选项 - 更新一个服务
详解:
[root@centos181001 nginx]# docker service update --help
Usage: docker service update [OPTIONS] SERVICE
Update a service
Options:
--args command Service command args
--config-add config Add or update a config file on a service
--config-rm list Remove a configuration file
--constraint-add list Add or update a placement constraint
--constraint-rm list Remove a constraint
--container-label-add list Add or update a container label
--container-label-rm list Remove a container label by its key
--credential-spec credential-spec Credential spec for managed service account (Windows only)
-d, --detach Exit immediately instead of waiting for the service to converge
立即退出而不是等待服务收敛
--dns-add list Add or update a custom DNS server
添加或更新自定义DNS
--dns-option-add list Add or update a DNS option
添加或更新DNS选项
--dns-option-rm list Remove a DNS option
删除一个DNS选项
--dns-rm list Remove a custom DNS server
删除一个自定义DNS
--dns-search-add list Add or update a custom DNS search domain
添加或更新自定义DNS搜索域
--dns-search-rm list Remove a DNS search domain
删除一个自定义DNS搜索域
--endpoint-mode string Endpoint mode (vip or dnsrr)
端点模式(vip或dnsrr)
--entrypoint command Overwrite the default ENTRYPOINT of the image
覆盖图像的默认ENTRYPOINT
--env-add list Add or update an environment variable
添加或更新环境变量
--env-rm list Remove an environment variable
删除一个环境变量
--force Force update even if no changes require it
即使没有更改需要,也强制更新
--generic-resource-add list Add a Generic resource
添加通用资源
--generic-resource-rm list Remove a Generic resource
删除通用资源
--group-add list Add an additional supplementary user group to the container
向容器添加一个用户组
--group-rm list Remove a previously added supplementary user group from the container
从容器中删除以前添加的补充用户组
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h)
--health-retries int Consecutive failures needed to report unhealthy
报告不健康需要连续失败次数
--health-start-period duration Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h)
--host-add list Add a custom host-to-IP mapping (host:ip)
--host-rm list Remove a custom host-to-IP mapping (host:ip)
--hostname string Container hostname
--image string Service image tag
定义服务image和标签
--init Use an init inside each service container to forward signals and reap processes
在每个服务容器中使用init来转发信号并收集进程
--isolation string Service container isolation mode
服务容器隔离模式
--label-add list Add or update a service label
添加或更新service标签
--label-rm list Remove a label by its key
删除service标签
--limit-cpu decimal Limit CPUs
CPU限制
--limit-memory bytes Limit Memory
内存限制
--log-driver string Logging driver for service
--log-opt list Logging driver options
--mount-add mount Add or update a mount on a service
--mount-rm list Remove a mount by its target path
--network-add network Add a network
--network-rm list Remove a network
--no-healthcheck Disable any container-specified HEALTHCHECK
--no-resolve-image Do not query the registry to resolve image digest and supported platforms
--placement-pref-add pref Add a placement preference
--placement-pref-rm pref Remove a placement preference
--publish-add port Add or update a published port
--publish-rm port Remove a published port by its target port
-q, --quiet Suppress progress output
简化输出
--read-only Mount the container's root filesystem as read only
将容器的根文件系统挂载为只读
--replicas uint Number of tasks
--reserve-cpu decimal Reserve CPUs
--reserve-memory bytes Reserve Memory
--restart-condition string Restart when condition is met ("none"|"on-failure"|"any")
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h)
--restart-max-attempts uint Maximum number of restarts before giving up
放弃前的最大重启次数
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
--rollback Rollback to previous specification
回滚到之前的规范
--rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h)
任务回滚之间的延迟(ns | us | ms | s | m | h)
--rollback-failure-action string Action on rollback failure ("pause"|"continue")
回滚失败的操作(“暂停”|“继续”)
--rollback-max-failure-ratio float Failure rate to tolerate during a rollback
回滚期间容忍的失败率
--rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h)
每次任务回滚后监视失败的持续时间(ns | us | ms | s | m | h)
--rollback-order string Rollback order ("start-first"|"stop-first")
回滚顺序(“start-first”|“stop-first”)
--rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once)
同时回滚的最大任务数(0表示一次回滚)
--secret-add secret Add or update a secret on a service
添加或更新服务上的密钥
--secret-rm list Remove a secret
删除一个密钥
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h)
在强制杀死容器之前等待的时间(ns | us | ms | s | m | h)
--stop-signal string Signal to stop the container
发出信号停止容器
-t, --tty Allocate a pseudo-TTY
--update-delay duration Delay between updates (ns|us|ms|s|m|h)
--update-failure-action string Action on update failure ("pause"|"continue"|"rollback")
更新失败的操作(“暂停”|“继续”|“回滚”)
--update-max-failure-ratio float Failure rate to tolerate during an update
更新期间容忍的失败率
--update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h)
每次更新后监控失败的持续时间
--update-order string Update order ("start-first"|"stop-first")
--update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once)
同时更新的最大任务数(0表示一次更新所有任务)
-u, --user string Username or UID (format: [:])
--with-registry-auth Send registry authentication details to swarm agents
将注册表验证详细信息发送给swarm代理
-w, --workdir string Working directory inside the container
定义容器内的workdir