Linux——Docker工具(三剑客)
Docker三大编排工具:
- Docker Compose:是用来组装多容器应用的工具,可以在 Swarm集群中部署分布式应用。
- Docker Machine:是支持多平台安装Docker的工具,使用 Docker Machine,可以很方便地在笔记本、云平台及数据中心里安装Docker。
- Docker Swarm:是Docker社区原生提供的容器集群管理工具。
Docker-compose
- Compose是用来定义和运行一个或多个容器应用的工具。使用compaose可以简化容器镜像的建立及容器的运行。
- Compose使用python语言开发,非常适合在单机环境里部署一个或多个容器,并自动把多个容器互相关联起来。
Compose 中有两个重要的概念:
- 服务 (service):一个应用的容器,实际上可以包括若干运行相同镜像的容器实例。
- 项目 (project):由一组关联的应用容器组成的一个完整业务单元,在 docker-compose.yml 文件中定义。
Docker-machine
- Docker Machine 是 Docker 官方编排(Orchestration)项目之一,负责在多种平台上快速安装 Docker 环境。
- Docker Machine 项目基于 Go 语言实现,目前在 Github 上进行维护。
Docker-swarm
- Docker Swarm 是 Docker 官方三剑客项目之一,提供 Docker 容器集群服务,是 Docker 官方对容器云生态进行支持的核心方案。使用它,用户可以将多个 Docker 主机封装为单个大型的虚拟 Docker 主机,快速打造一套容器云平台。
- Swarm mode内置kv存储功能,提供了众多的新特性,比如:具有容错能力的去中心化设计、内置服务发现、负载均衡、路由网格、动态伸缩、滚动更新、安全传输等。使得 Docker 原生的 Swarm 集群具备与 Mesos、Kubernetes 竞争的实力。
一、Docker-compose
Docker-compose官方文档
1.安装部署
[root@docker-compose ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 651 100 651 0 0 880 0 --:--:-- --:--:-- --:--:-- 879
100 16.2M 100 16.2M 0 0 161k 0 0:01:42 0:01:42 --:--:-- 183k
[root@docker-compose ~]# chmod +x /usr/local/bin/docker-compose
[root@docker-compose ~]# docker-compose -v
docker-compose version 1.25.0, build 0a186604
设置tabl键的空格距离
[root@docker-compose ~]# vim .vimrc
set tabstop=2
[root@docker-compose ~]# source .vimrc
2.配置文件实例
通过识别一个docker-compose.yml的配置文件,去管理容器。
[root@docker-compose ~]# mkdir /webserver
[root@docker-compose ~]# mkdir compose
[root@docker-compose ~]# cd compose/
[root@docker-compose compose]# vim docker-compose.yaml
version: "3"
services:
nginx:
container_name: web-nginx
image: nginx
restart: always
ports:
- 90:80
volumes:
- ./webserver:/usr/share/nginx/html
命令解释
- 第一个部分: version: 指定语法格式的版本。
- 第二部分:service:定义服务,(想要运行什么样的容器)
- nginx: //服务的名称
- container_name: web-nginx //容器名称
- image: nginx:latest //使用的镜像
- restart: always //容器跟随docker服务自启
- ports: //端口映射
- volumes:: //持久化 本地:容器
运行
PS:如果想要退出终端占用,加-d 选项。
[root@docker-compose compose]# docker-compose up -d
Creating network "compose_default" with the default driver
Pulling nginx (nginx:)...
latest: Pulling from library/nginx
d121f8d1c412: Pull complete
ebd81fc8c071: Pull complete
655316c160af: Pull complete
d15953c0e0f8: Pull complete
2ee525c5c3cc: Pull complete
Digest: sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0
Status: Downloaded newer image for nginx:latest
Creating web-nginx ... done
[root@docker-compose compose]# docker-compose stop //停止运行
Stopping web-nginx ... done
[root@docker-compose compose]# docker-compose restart //重启
Restarting web-nginx ... done
在运行container的过程中,还可以支持Dockerfile
PS: 如果文件内有Dockerfile,可以提前执行:docker-compose build 或者在up -d 的时候添加–build 选项。
[root@docker-compose compose]# vim Dockerfile
FROM nginx
COPY ./webserver/index.html /usr/share/nginx/html/index.html
[root@docker-compose compose]# vim docker-compose.yaml
version: "3"
services:
nginx:
build: .
container_name: web-nginx
image: nginx
restart: always
ports:
- 91:80
[root@docker-compose compose]# ls
docker-compose.yaml Dockerfile webserver
[root@docker-compose compose]# ls webserver/
index.html
[root@docker-compose compose]# docker-compose up -d --build
Building nginx
Step 1/2 : FROM nginx
---> 7e4d58f0e5f3
Step 2/2 : COPY ./webserver/index.html /usr/share/nginx/html/index.html
---> c18fdc4bedf3
Successfully built c18fdc4bedf3
Successfully tagged nginx:latest
Recreating web-nginx ... done
3.docker-compose管理命令介绍
(1)帮助信息
[root@docker-compose ~]# docker-compose --help
(2)创建或重新创建服务使用的镜像
[root@docker-compose ~]# docker-compose build
(3)通过容器发送SIGKILL信号强行停止服务
[root@docker-compose ~]# docker-compose kill nginx
PS:kill 服务名称,默认所有服务
(4)显示service的日志信息
[root@docker-compose ~]# docker-compose logs
(5)暂停和恢复服务
[root@docker-compose ~]# docker-compose pause
- docker-compose pause #暂停服务
- docker-compose unpause #恢复被暂停的服务
(6)查看服务中的端口与物理机的映射关系
[root@docker-compose ~]# docker-compose port nginx 80
PS:docker-compose port nginx_web 80 #查看服务中80端口映射到物理机上的那个端口
(7)显示当前项目下的容器
[root@docker-compose ~]# docker-compose ps
PS:此命令与docker ps不同作用,此命令会显示停止后的容器(状态为Exited),只针对某个项目。
(8)拉取服务依赖的镜像
[root@docker-compose ~]# docker-compose pull
(9)重启某个服务中的所有容器
[root@docker-compose ~]# docker-compose restart
(10)删除停止的服务(服务里的容器)
[root@docker-compose ~]# docker-compose rm
- -f #强制删除
- -v #删除与容器相关的卷(volumes)
(11)在服务中运行一个一次性的命令
[root@docker-compose ~]# docker-compose run nginx ls /
这个命令会新建一个容器,它的配置和srvice的配置相同。但两者之间还是有两点不同之处
- run指定的命令会直接覆盖掉service配置中指定的命令
- run命令启动的容器不会创建在service配置中指定的端口,如果需要指定使用–service-ports指定
(12)启动/停止运行某个服务的所有容器
[root@docker-compose ~]# docker-compose start/stop
- docker-compose start 启动运行某个服务的所有容器
- docker-compose stop 停止运行某个服务的所有容器
(13)指定某个服务启动的容器个数
[root@docker-compose ~]# docker-compose scale nginx=2
PS:如果需要运行多个容器,那么容器名称就不要给了,会随机生成,还有注意端口映射问题,不要冲突(docker-compose port 字段支持仅写一个容器暴露的端口)
- -f :用于指定配置文件
- -p :用于指定项目名称
4.搭建wordpress博客
[root@docker-compose ~]# mkdir wordpress
[root@docker-compose ~]# cd wordpress/
[root@docker-compose wordpress]# vim docker-compose.yaml
[root@docker-compose wordpress]# cat docker-compose.yaml
version: "3.1"
services:
wordpress:
image: wordpress
restart: always
ports:
- 8081:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: 123.com
WORDPRESS_DB_NAME: wordpress
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: wordpress
MYSQL_PASSWORD: 123.com
MYSQL_ROOT_PASSWORD: 123.com
MYSQL_USER: wordpress
[root@docker-compose wordpress]# docker-compose up -d
Creating network "wordpress_default" with the default driver
Pulling wordpress (wordpress:)...
......
Pulling db (mysql:5.7)...
......
Creating wordpress_wordpress_1 ... done
Creating wordpress_db_1 ... done
[root@docker-compose wordpress]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
afb30cb0a6e2 mysql:5.7 "docker-entrypoint.s…" About a minute ago Up About a minute 3306/tcp, 33060/tcp wordpress_db_1
8884dd232849 wordpress "docker-entrypoint.s…" About a minute ago Up About a minute 0.0.0.0:8081->80/tcp wordpress_wordpress_1
5.搭建lnmp
[root@docker-compose ~]# mkdir lnmp
[root@docker-compose lnmp]# docker cp lnmp-mysql:/var/lib/mysql ./
[root@docker-compose lnmp]# docker cp lnmp-nginx:/etc/nginx/ ./
[root@docker-compose lnmp]# docker cp lnmp-nginx:/usr/share/nginx/html/ ./
[root@docker-compose lnmp]# cat docker-compose.yaml
version: "3"
services:
nginx:
image: nginx
ports:
- 8085:80
volumes:
- /lnmp/html:/usr/share/nginx/html
- /lnmp/nginx:/etc/nginx
php:
image: php:7.2-fpm
ports:
- 9000:9000
volumes:
- /lnmp/html:/usr/share/nginx/html
mysql:
image: mysql:5.7
ports:
- 3306:3306
volumes:
- /lnmp/mysql:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=123456
[root@docker-compose lnmp]# docker-compose up -d
Recreating lnmp-nginx ...
Recreating lnmp-php ...
Recreating lnmp-mysql ...
Recreating lnmp-nginx ... done
Recreating lnmp-php ... done
Recreating lnmp-mysql ... done
二、Docker-machine
Docker-machine官方文档
PS:Docker-machine环境主机没有安装docker服务的主机!!!
| 主机 | IP |
|---|---|
| node01 | 192.168.1.10 |
| node02 | 192.168.1.11 |
| node01 | 192.168.1.12 |
1.关闭防火墙和SELinux、清空iptables
[root@node01 ~]# systemctl stop firewalld
[root@node01 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@node01 ~]# setenforce 0
[root@node01 ~]# iptables -F
[root@node01 ~]# iptables-save
2.安装machine
[root@node01 ~]# curl -L https://github.com/docker/machine/releases/download/v0.16.0/docker-machine-`uname -s`-`uname -m` >/tmp/docker-machine && chmod +x /tmp/docker-machine && cp /tmp/docker-machine /usr/local/bin/docker-machine
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 651 100 651 0 0 96 0 0:00:06 0:00:06 --:--:-- 154
100 26.8M 100 26.8M 0 0 184k 0 0:02:29 0:02:29 --:--:-- 447k
3.查看是否安装成功
[root@node01 ~]# docker-machine --version
docker-machine version 0.16.0, build 702c267f
4.给machine主机做域名解析和免密登录
[root@node01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.10 node01
192.168.1.11 node02
192.168.1.12 node03
[root@node01 ~]# ssh-keygen
[root@node01 ~]# ssh-copy-id root@node01
[root@node01 ~]# ssh-copy-id root@node02
[root@node01 ~]# ssh-copy-id root@node03
4.创建machine
PS:对于 Docker Machine 来说,术语 Machine 就是运行 docker daemon 的主机。创建 Machine指的就是在 host 上安装和部署 docker。
- –driver generic:驱动类型
- –generic-engine-port:用于 Docker 守护的端口
- –generic-ip-address:主机所需的 IP 地址
- –generic-ssh-key: SSH 用户私钥的路径
- –generic-ssh-user: 用于连接的 SSH 用户名
- –generic-ssh-port:用于 SSH 的端口
[root@node01 ~]# docker-machine create --driver generic --generic-ip-address=192.168.1.10 --generic-ssh-key .ssh/id_rsa node01
Creating CA: /root/.docker/machine/certs/ca.pem
Creating client certificate: /root/.docker/machine/certs/cert.pem
Running pre-create checks...
Creating machine...
(node01) No SSH key specified. Assuming an existing key at the default location.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with centos...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env node01
用同样的方法吧其余两台添加到machine中
[root@node01 ~]# docker-machine create --driver generic --generic-ip-address=192.168.1.11 --generic-ssh-key .ssh/id_rsa node02
[root@node01 ~]# docker-machine create --driver generic --generic-ip-address=192.168.1.12 --generic-ssh-key .ssh/id_rsa node03
查看已添加的主机
[root@node01 ~]# docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
node01 - generic Running tcp://192.168.1.10:2376 v19.03.13
node02 - generic Running tcp://192.168.1.11:2376 v19.03.13
node03 - generic Running tcp://192.168.1.12:2376 v19.03.13
添加加速器
[root@node01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://z1pa8k3e.mirror.aliyuncs.com"]
}
[root@node01 ~]# systemctl daemon-reload
[root@node01 ~]# systemctl restart docker
5.常用命令
- active 查看活跃的 Docker 主机
- config 输出连接的配置信息
- create 创建一个 Docker 主机
- env 显示连接到某个主机需要的环境变量
- inspect 输出主机更多信息
- ip 获取主机地址
- kill 停止某个主机
- ls 列出所有管理的主机
- provision 重新设置一个已存在的主机
- regenerate-certs 为某个主机重新生成 TLS 认证信息
- restart 重启主机
- rm 删除某台主机
- ssh SSH 到主机上执行命令
- scp 在主机之间复制文件
- mount 挂载主机目录到本地
- start 启动一个主机
- status 查看主机状态
- stop 停止一个主机
- upgrade 更新主机 Docker 版本为最新
- url 获取主机的 URL
- version 输出 docker-machine 版本信息
- help 输出帮助信息
6.管理machine
1.优化docker-machine的shell
这样在 bash 能够通过 tab 键补全 docker-mahine 的子命令和参数。
[root@node01 ~]# vim /usr/local/etc/bash_completion.d
base=https://raw.githubusercontent.com/docker/machine/v0.16.0
for i in docker-machine-prompt.bash docker-machine-wrapper.bash docker-machine.bash
do
sudo wget "$base/contrib/completion/bash/${i}" -P /etc/bash_completion.d
done
[root@node01 ~]# source /usr/local/etc/bash_completion.d
--2020-09-28 21:08:04-- https://raw.githubusercontent.com/docker/machine/v0.16.0/contrib/completion/bash/docker-machine-prompt.bash
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.76.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1469 (1.4K) [text/plain]
Saving to: ‘/etc/bash_completion.d/docker-machine-prompt.bash’
100%[=============================================================>] 1,469 --.-K/s in 0s
2020-09-28 21:08:11 (32.3 MB/s) - ‘/etc/bash_completion.d/docker-machine-prompt.bash’ saved [1469/1469]
--2020-09-28 21:08:11-- https://raw.githubusercontent.com/docker/machine/v0.16.0/contrib/completion/bash/docker-machine-wrapper.bash
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.76.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1525 (1.5K) [text/plain]
Saving to: ‘/etc/bash_completion.d/docker-machine-wrapper.bash’
100%[=============================================================>] 1,525 --.-K/s in 0s
2020-09-28 21:08:18 (32.8 MB/s) - ‘/etc/bash_completion.d/docker-machine-wrapper.bash’ saved [1525/1525]
--2020-09-28 21:08:18-- https://raw.githubusercontent.com/docker/machine/v0.16.0/contrib/completion/bash/docker-machine.bash
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.76.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12211 (12K) [text/plain]
Saving to: ‘/etc/bash_completion.d/docker-machine.bash’
100%[=============================================================>] 12,211 19.1KB/s in 0.6s
2020-09-28 21:08:25 (19.1 KB/s) - ‘/etc/bash_completion.d/docker-machine.bash’ saved [12211/12211]
[root@node01 ~]# vim .bashrc
......
PS1='[\u@\h \W$(__docker_machine_ps1)]\$ '
[root@node01 ~]# source .bashrc
2.显示访问 node01 需要的所有环境变量
[root@node01 ~]# docker-machine env node01
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.1.10:2376"
export DOCKER_CERT_PATH="/root/.docker/machine/machines/node01"
export DOCKER_MACHINE_NAME="node01"
# Run this command to configure your shell:
# eval $(docker-machine env node01)
3.根据提示访问node02和node03
[root@node01 ~]# eval $(docker-machine env node02)
[root@node01 ~ [node02]]#
[root@node01 ~ [node02]]# eval $(docker-machine env node03)
[root@node01 ~ [node03]]#
4.在此状态下执行的所有 docker 命令其效果都相当于在 host3上执行,例如启动一个 busybox 容器
[root@node01 ~]# eval $(docker-machine env node03)
[root@node01 ~ [node03]]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
df8698476c65: Pull complete
Digest: sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
[root@node01 ~ [node03]]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 6858809bf669 2 weeks ago 1.23MB
[root@node01 ~ [node03]]# docker run -itd --name test busybox:latest
4b332581a8558564c9b25846a551d52ea307612162c1f32afa0fe5bbd1ececcf
[root@node01 ~ [node03]]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b332581a855 busybox:latest "sh" 7 seconds ago Up 4 seconds test
5.更新 machine 的 docker 到最新版本,可以批量执行
[root@node01 ~]# docker-machine upgrade node01 node02 node03
6.查看 machine 的 docker daemon 配置
[root@node01 ~]# docker-machine config node01
--tlsverify
--tlscacert="/root/.docker/machine/machines/node01/ca.pem"
--tlscert="/root/.docker/machine/machines/node01/cert.pem"
--tlskey="/root/.docker/machine/machines/node01/key.pem"
-H=tcp://192.168.1.10:2376
7.在不同 machine 之间拷贝文件
[root@node01 ~]# touch aa.txt bb.txt
[root@node01 ~]# docker-machine scp node01:/root/* node02:/root/
[root@node01 ~]# eval $(docker-machine env node02)
[root@node01 ~ [node02]]# ls
aa.txt anaconda-ks.cfg bb.txt
三、Docker-swarm
docker swarm集群:
| 主机 | IP |
|---|---|
| node01 | 192.168.1.40 |
| node02 | 192.168.1.41 |
| node03 | 192.168.1.42 |
关闭防火墙、禁用selinux、3台dockerhost区别主机名、时间同步
1.初始化集群
Docker-swarm官方文档
[root@docker-node01 ~]# docker swarm init --advertise-addr 192.168.1.40
Swarm initialized: current node (47yg1sfmqk4q7sovsitzv089v) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-9tx6ta40vacs0uesbngbvao9q 192.168.1.40:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
PS:–advertise-addr:指定与其他Node通信的地址。
添加其他节点
[root@docker-node02 ~]# docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-9tx6ta40vacs0uesbngbvao9q 192.168.1.40:2377
This node joined a swarm as a worker.
[root@docker node03 ~]# docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-9tx6ta40vacs0uesbngbvao9q 192.168.1.40:2377
This node joined a swarm as a worker.
扩展
PS:如果想要添加manager 节点: 运行下边的命令:
[root@docker-node01 ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-189jcfib6m4af09dtzwunras4 192.168.1.40:2377
PS:如果想要添加worker节点: 运行下边的命令:
[root@docker-node01 ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-9tx6ta40vacs0uesbngbvao9q 192.168.1.40:2377
查看节点详情
[root@docker-node01 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
47yg1sfmqk4q7sovsitzv089v * docker-node01 Ready Active Leader 18.09.0
o5983x3b7jagyqolbeortqb98 docker-node02 Ready Active 18.09.0
bbsrkjm4vw9f5zwtkbgjlg6jm docker-node03 Ready Active 18.09.0
1.1基本命令
(1)节点服务离开一个集群
[root@docker-node02 ~]# docker swarm leave
Node left the swarm.
PS:查看节点状态会变成down.然后可以通过manager node 将其删除。
(2)删除某个节点
[root@docker-node01 ~]# docker node rm docker-node02
docker-node02
(3)生成加入集群令牌
[root@docker-node01 ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-189jcfib6m4af09dtzwunras4 192.168.1.40:2377
[root@docker-node01 ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-4mb1b1meh40rhnoxz8evd0zyfw0ec35ovmm1i3m54plvc8jngt-9tx6ta40vacs0uesbngbvao9q 192.168.1.40:2377
(4)升级
将node02节点的work升级为manager
[root@docker-node01 ~]# docker node promote docker-node02
Node docker-node02 promoted to a manager in the swarm.
(5)降级
将node02节点的manager降级为work.
[root@docker-node01 ~]# docker node demote docker-node02
Manager docker-node02 demoted in the swarm.
(6)设置节点状态
节点状态有三个参数
- active:正常
- pause:暂停
- -drain:排除自身work任务
[root@docker-node01 ~]# docker node update --availability active docker-node01
docker-node01
2.部署集群网络
- overlay:覆盖型网络。
- attachable: 这个参数必须要加,否则网络不能用于容器。
[root@docker-node01 ~]# docker network create -d overlay --attachable docker
pzlqyddslejf04jhjpht4klhq
PS:我们在node1上创建的此网络,但在swarm的其他节点,是查看不到此网络信息的。但却能够直接使用此网络。
3.部署一个图形化webUI界面
[root@docker-node01 ~]# docker run -d -p 8080:8080 -e HOST=192.168.1.40 -e PORT=8080 -v /var/run/docker.sock:/var/run/docker.sock --name visualizer dockersamples/visualizer
Unable to find image 'dockersamples/visualizer:latest' locally
latest: Pulling from dockersamples/visualizer
cd784148e348: Pull complete
f6268ae5d1d7: Pull complete
97eb9028b14b: Pull complete
9975a7a2a3d1: Pull complete
ba903e5e6801: Pull complete
7f034edb1086: Pull complete
cd5dbf77b483: Pull complete
5e7311667ddb: Pull complete
687c1072bfcb: Pull complete
aa18e5d3472c: Pull complete
a3da1957bd6b: Pull complete
e42dbf1c67c4: Pull complete
5a18b01011d2: Pull complete
Digest: sha256:54d65cbcbff52ee7d789cd285fbe68f07a46e3419c8fcded437af4c616915c85
Status: Downloaded newer image for dockersamples/visualizer:latest
d9b61028ca86e8a749646890929c2d0c8bce8ad2e4aa207a00a6c01cda0389e6
如果访问不到网页,需要开启路由转发
[root@docker-node01 ~]# echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
[root@docker-node01 ~]# sysctl -p
net.ipv4.ip_forward = 1
4.创建service服务
[root@docker-node01 ~]# docker service create --replicas 3 --network docker --name web1 -p 80 nginx
hywte0057jyjq0fbemp7e6jbc
overall progress: 3 out of 3 tasks
1/3: running
2/3: running
3/3: running
verify: Service converged
- –replicas:副本数量(可以理解为一个副本等于一个容器)
常用命令
(1)查看service
[root@docker-node01 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
hywte0057jyj web1 replicated 3/3 nginx:latest *:30000->80/tcp
(2)查看service信息
[root@docker-node01 ~]# docker service ps web1
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
jaez7x29edkn web1.1 nginx:latest docker-node01 Running Running 3 minutes ago
ryp8yol0bpcu web1.2 nginx:latest docker-node03 Running Running 2 minutes ago
atxmoemgry55 web1.3 nginx:latest docker-node02 Running Running 2 minutes ago
5.搭建私有仓库
[root@docker-node01 ~]# docker run -itd --name registry --restart always -p 5000:5000 registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
fb703f2c90c5c5f14e3077b3ec1bb26674a7e1a774b53e98b6a838b2aeef678d
[root@docker-node01 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.40:5000
[root@docker-node01 ~]# systemctl daemon-reload
[root@docker-node01 ~]# systemctl restart docker
[root@docker-node01 ~]# scp -rp /usr/lib/systemd/system/docker.service [email protected]:/usr/lib/systemd/system/docker.service
[root@docker-node01 ~]# scp -rp /usr/lib/systemd/system/docker.service [email protected]:/usr/lib/systemd/system/docker.service
6.自定义镜像
[root@docker-node01 ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
d121f8d1c412: Already exists
9cd35c2006cf: Pull complete
b6b9dec6e0f8: Pull complete
fc3f9b55fcc2: Pull complete
802357647f64: Pull complete
Digest: sha256:5ce7c20e45b407607f30b8f8ba435671c2ff80440d12645527be670eb8ce1961
Status: Downloaded newer image for httpd:latest
[root@docker-node01 ~]# docker run -itd --name httpd -p 80 httpd:latest
f59944f4d3ed0ec8c9d9e496e6201580c138e014db60d86d9fc0773ba6e88b97
[root@docker-node01 ~]# docker exec -it httpd bash
root@f59944f4d3ed:/usr/local/apache2# cd htdocs/
root@f59944f4d3ed:/usr/local/apache2/htdocs# echo 111 > index.html
root@f59944f4d3ed:/usr/local/apache2/htdocs# exit
exit
[root@docker-node01 ~]# docker commit httpd httpd:v1
sha256:d0ce35b9c08dbb85605b6f9bf5de47cca643f812b937c198d123eaaa3f6779c5
PS:上述方法创建镜像httpd:v2、 httpd:v3
7.发布一个服务,基于上述镜像
[root@docker-node01 ~]# docker service create --replicas 3 --name benet -p 80 httpd:v1
image httpd:v1 could not be accessed on a registry to record
its digest. Each node will access httpd:v1 independently,
possibly leading to different nodes running different
versions of the image.
l8vnr8vxtesp8sg22hlijz3y4
overall progress: 3 out of 3 tasks
1/3: running
2/3: running
3/3: running
verify: Service converged
默认的Ingress 网络,包括创建的自定义overlay网络,为后端真正为用户提供服务的container,提供了一个统一的入口。
8.服务的扩容与缩容
PS:扩容与缩容直接直接通过scale进行设置副本数量
[root@docker-node01 ~]# docker service scale benet=6
benet scaled to 6
overall progress: 6 out of 6 tasks
1/6: running
2/6: running
3/6: running
4/6: running
5/6: running
6/6: running
verify: Service converged
9.服务的升级与回滚
[root@docker-node01 ~]# docker service update --image httpd:v2 benet
PS:再次查看使用镜像已经从httpd:v1变成httpd:v2了
默认情况下,swarm一次只更新一个副本,并且两个副本之间没有等待
时间,我们可以通过
–update-parallelism; 设置并行更新的副本数量。
–update-delay: 指定滚动更新的时间间隔。
回滚操作
[root@docker-node01 ~]# docker service rollback benet
PS:docker swarm的回滚操作,默认只能回滚到上一次操作的状态,并不能连续回滚操作。
10.指定容器的运行节点
[root@docker-node01 ~]# docker node update --help
Usage: docker node update [OPTIONS] NODE
Update a node
Options:
--availability string Availability of the node ("active"|"pause"|"drain")
--label-add list Add or update a node label (key=value)
--label-rm list Remove a node label if exists
--role string Role of the node ("worker"|"manager")
给node02上添加一个标签(磁盘容量最大)
[root@docker-node01 ~]# docker node update --label-add disk=max docker-node02
docker-node02
[root@docker-node01 ~]# docker node inspect docker-node02 //查看标签信息
[
{
"ID": "x4crfyro92oijrnze729jozaf",
"Version": {
"Index": 1242
},
"CreatedAt": "2020-09-26T06:54:08.426674029Z",
"UpdatedAt": "2020-09-26T08:58:51.55494602Z",
"Spec": {
"Labels": {
"disk": "max"
},
删除标签
[root@docker-node01 ~]# docker node update --label-rm disk docker-node02
docker-node02
指定节点,运行服务
[root@docker-node01 ~]# docker service create --name aaa --replicas 3 --constraint 'node.labels.disk == max' nginx
[root@docker-node01 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
gb5kqv1xtaik test replicated 3/3 nginx:latest
[root@docker-node01 ~]# docker service ps test
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ttog5ism1zp9 test.1 nginx:latest docker-node02 Running Running about a minute ago
i78dv3angr99 test.2 nginx:latest docker-node02 Running Running about a minute ago
hha9t04w2hii test.3 nginx:latest docker-node02 Running Running about a minute ago