1、环境准备
本文中的案例会有四台机器,他们的Host和IP地址如下
c1 -> 10.0.0.31 c2 -> 10.0.0.32 c3 -> 10.0.0.33 c4 -> 10.0.0.34
四台机器的host以c1为例:
[root@c1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 #::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.31 c1 10.0.0.32 c2 10.0.0.33 c3 10.0.0.34 c4
1.1、Centos 7 64位安装
以c1安装为示例,安装过程中使用英文版本,然后点击continue
点击LOCALIZATION下面的Data & Time,然后选择Asia/shanghai时区,点击Done.
点击SYSTEM下面的INSTALLATION DESTINATION,选择你的硬盘后,在下面的单选框中,选择I will configure partitioning点击Done,我们来自定义硬盘和分区
点击Click here to create them automatically,系统会自动帮我们创建出推荐的分区格式。
我们将/home的挂载点删除掉,统一加到点/,文件类型是xfs,使用全部的硬盘空间,点击Update Settings,确保后面软件有足够的安装空间。 最后点击左上角的Done按钮
xfs是在Centos7.0开始提供的,原来的ext4虽然稳定,但最多只能有大概40多亿文件,单个文件大小最大只能支持到16T(4K block size) 的话。而XFS使用64位管理空间,文件系统规模可以达到EB级别。
用于正式生产的服务器,切记必须把数据盘单独分区,防止系统出问题时,保证数据的完整性。比如可以再划分一个,/data专门用来存放数据。
在弹出的窗口中点击Accept Changes
点击下图中的位置,设置机器的Host Name,这里我们安装机器的Host Name为c1
最后点击右下角的Begin Installation,过程中可以设置root的密码,也可以创建其他用户
1.2、网络配置
以下以c1为例
[root@c1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet BOOTPROTO=static #启用静态IP地址 DEFROUTE=yes PEERDNS=yes PEERROUTES=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_PEERDNS=yes IPV6_PEERROUTES=yes IPV6_FAILURE_FATAL=no NAME=eth0 UUID=e57c6a58-1951-4cfa-b3d1-cf25c4cdebdd DEVICE=eth0 ONBOOT=yes #开启自动启用网络连接 IPADDR0=192.168.0.31 #设置IP地址 PREFIXO0=24 #设置子网掩码 GATEWAY0=192.168.0.1 #设置网关 DNS1=192.168.0.1 #设置DNS DNS2=8.8.8.8
重启网络:
[root@c1 ~]# service network restart
更改源为阿里云
[root@c1 ~]# yum install -y wget [root@c1 ~]# cd /etc/yum.repos.d/ [root@c1 yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak [root@c1 yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo [root@c1 yum.repos.d]# wget http://mirrors.163.com/.help/CentOS7-Base-163.repo [root@c1 yum.repos.d]# yum clean all [root@c1 yum.repos.d]# yum makecache
安装网络工具包和基础工具包
[root@c1 ~]# yum install net-tools checkpolicy gcc dkms foomatic openssh-server bash-completion -y
1.3、更改hostname
在四台机器上依次设置hostname,以下以c1为例
[root@localhost ~]# hostnamectl --static set-hostname c1 [root@localhost ~]# hostnamectl status Static hostname: c1 Icon name: computer-vm Chassis: vm Machine ID: e4ac9d1a9e9b4af1bb67264b83da59e4 Boot ID: a128517ed6cb41d083da61de5951a109 Virtualization: kvm Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-327.36.3.el7.x86_64 Architecture: x86-64
1.4、配置ssh免密码登录登录
先后在四台机器分别执行,以c1为例
[root@c1 ~]# ssh-keygen #一路按回车到最后
在免登录端修改配置文件
[root@c1 ~]# vi /etc/ssh/sshd_config
#找到以下内容,并去掉注释符# RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
将ssh-keygen生成的密钥,分别复制到其他三台机器,以下以c1为例
[root@c1 ~]# ssh-copy-id c1 The authenticity of host 'c1 (10.0.0.31)' can't be established. ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@c1's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'c1'" and check to make sure that only the key(s) you wanted were added. [root@c1 ~]# ssh-copy-id c2 The authenticity of host 'c2 (10.0.0.32)' can't be established. ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@c2's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'c2'" and check to make sure that only the key(s) you wanted were added. [root@c1 ~]# ssh-copy-id c3 The authenticity of host 'c3 (10.0.0.33)' can't be established. ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@c3's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'c3'" and check to make sure that only the key(s) you wanted were added. [root@c1 ~]# ssh-copy-id c4 The authenticity of host 'c4 (10.0.0.34)' can't be established. ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@c4's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'c4'" and check to make sure that only the key(s) you wanted were added.
测试密钥是否配置成功
[root@c1 ~]# for N in $(seq 1 4); do ssh c$N hostname; done; c1 c2 c3 c4
安装ntp时间同步工具和git
[root@c1 ~]# for N in $(seq 1 4); do ssh c$N yum install ntp git -y; done;
2、安装Docker1.12.3和初步配置
可以直接在github上获取Docker各个版本包:https://github.com/docker/docker/releases
链接中提供了所有的Docker核心包:http://yum.dockerproject.org/repo/main/centos/7/Packages/
2.1、安装Docker1.12.3
不建议直接使用Docker官方的docker yum源进行安装,因为会依据系统版本去选择Docker版本,不能指定相应的版本进行选择安装。在四台机器上依次执行下面的命令,可以将下面的命令,直接复制粘贴到命令行中
mkdir -p ~/_src && cd ~/_src && wget http://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.12.3-1.el7.centos.noarch.rpm && wget http://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.12.3-1.el7.centos.x86_64.rpm && wget http://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-debuginfo-1.12.3-1.el7.centos.x86_64.rpm && yum localinstall -y docker-engine-selinux-1.12.3-1.el7.centos.noarch.rpm docker-engine-1.12.3-1.el7.centos.x86_64.rpm docker-engine-debuginfo-1.12.3-1.el7.centos.x86_64.rpm
2.2、 验证Docker是否安装成功
Centos7中Docker1.12中默认使用Docker作为客户端程序,使用dockerd作为服务端程序。
[root@c1 _src]# docker version Client: Version: 1.12.3 API version: 1.24 Go version: go1.6.3 Git commit: 6b644ec Built: OS/Arch: linux/amd64 Cannot connect to the Docker daemon. Is the docker daemon running on this host?
2.3、启动Docker daemon程序
在Docker1.12中,默认的daemon程序是dockerd,可以执行dockerd或者使用系统自带systemd去管理服务。但是需要注意的是,默认用的都是默认的参数,比如私有网段默认使用172.17.0.0/16 ,网桥使用docker0等等
[root@c1 _src]# dockerd INFO[0000] libcontainerd: new containerd process, pid: 6469 WARN[0000] containerd: low RLIMIT_NOFILE changing to max current=1024 max=4096 WARN[0001] devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section. WARN[0001] devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem will be ignored. INFO[0001] [graphdriver] using prior storage driver "devicemapper" INFO[0001] Graph migration to content-addressability took 0.00 seconds WARN[0001] mountpoint for pids not found INFO[0001] Loading containers: start. INFO[0001] Firewalld running: true INFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address INFO[0001] Loading containers: done. INFO[0001] Daemon has completed initialization INFO[0001] Docker daemon commit=6b644ec graphdriver=devicemapper version=1.12.3 INFO[0001] API listen on /var/run/docker.sock
2.3、通过系统自带的systemctl启动docker,并启动docker服务
[root@c1 _src]# systemctl enable docker && systemctl start docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
使用dockerd --help查看启动参数
[root@c1 _src]# dockerd --help Usage: dockerd [OPTIONS] A self-sufficient runtime for containers. Options: --add-runtime=[] Register an additional OCI compatible runtime --api-cors-header Set CORS headers in the remote API --authorization-plugin=[] Authorization plugins to load -b, --bridge #指定容器使用的网络接口,默认为docker0,也可以指定其他网络接口 --bip #指定桥接地址,即定义一个容器的私有网络 --cgroup-parent #为所有的容器指定父cgroup --cluster-advertise #为集群设定一个地址或者名字 --cluster-store #后端分布式存储的URL --cluster-store-opt=map[] #设置集群存储参数 --config-file=/etc/docker/daemon.json #指定配置文件 -D #启动debug模式 --default-gateway #为容器设定默认的ipv4网关(--default-gateway-v6) --dns=[] #设置dns --dns-opt=[] #设置dns参数 --dns-search=[] #设置dns域 --exec-opt=[] #运行时附加参数 --exec-root=/var/run/docker #设置运行状态文件存储目录 --fixed-cidr #为ipv4子网绑定ip -G, --group=docker #设置docker运行时的属组 -g, --graph=/var/lib/docker #设置docker运行时的家目录 -H, --host=[] #设置docker程序启动后套接字连接地址 --icc=true #是内部容器可以互相通信,环境中需要禁止内部容器访问 --insecure-registry=[] #设置内部私有注册中心地址 --ip=0.0.0.0 #当映射容器端口的时候默认的ip(这个应该是在多主机网络的时候会比较有用) --ip-forward=true #使net.ipv4.ip_forward生效,其实就是内核里面forward --ip-masq=true #启用ip伪装技术(容器访问外部程序默认不会暴露自己的ip) --iptables=true #启用容器使用iptables规则 -l, --log-level=info #设置日志级别 --live-restore #启用热启动(重启docker,保证容器一直运行1.12新特性) --log-driver=json-file #容器日志默认的驱动 --max-concurrent-downloads=3 #为每个pull设置最大并发下载 --max-concurrent-uploads=5 #为每个push设置最大并发上传 --mtu #设置容器网络的MTU --oom-score-adjust=-500 #设置内存oom的平分策略(-1000/1000) -p, --pidfile=/var/run/docker.pid #指定pid所在位置 -s, --storage-driver #设置docker存储驱动 --selinux-enabled #启用selinux的支持 --storage-opt=[] #存储参数驱动 --swarm-default-advertise-addr #设置swarm默认的node节点 --tls #使用tls加密 --tlscacert=~/.docker/ca.pem #配置tls CA 认证 --tlscert=~/.docker/cert.pem #指定认证文件 --tlskey=~/.docker/key.pem #指定认证keys --userland-proxy=true #为回环接口使用用户代理 --userns-remap #为用户态的namespaces设定用户或组
2.4、修改docker的配置文件
以下以c1为例,在ExecStart后面加上我们自定义的参数,其中三台机器也要做同步修改
[root@c1 ~]# vi /lib/systemd/system/docker.service
[Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network.target [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker # Overlayfs跟AUFS很像,但是性能比AUFS好,有更好的内存利用。 # 加上阿里云的docker加速 ExecStart=/usr/bin/dockerd -s=overlay --registry-mirror=https://7rgqloza.mirror.aliyuncs.com --insecure-registry=localhost:5000 -H unix:///var/run/docker.sock --pidfile=/var/run/docker.pid ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process [Install] WantedBy=multi-user.target
重启docker服务,以保证新的配置生效
[root@c1 ~]# systemctl daemon-reload && systemctl restart docker.service
3、创建swarm 集群
10.0.0.31 (hostname:c1)作为swarm manager1
10.0.0.32 (hostname:c2)做为swarm manager2
10.0.0.33 (hostname:c3)做为swarm agent1
10.0.0.34 (hostname:c4)做为swarm agent2
3.1、开放firewall防火墙端口
在配置集群前要先开放防火墙的端口,将下面的命令,复制、粘贴到4台机器的命令行中执行。
firewall-cmd --zone=public --add-port=2377/tcp --permanent && firewall-cmd --zone=public --add-port=7946/tcp --permanent && firewall-cmd --zone=public --add-port=7946/udp --permanent && firewall-cmd --zone=public --add-port=4789/tcp --permanent && firewall-cmd --zone=public --add-port=4789/udp --permanent && firewall-cmd --reload
以c1为例,查看端口开放情况
[root@c1 ~]# firewall-cmd --list-ports 4789/tcp 4789/udp 7946/tcp 2377/tcp 7946/udp
3.2、设置swarm集群并将其他3台机器添加到集群
在c1上初始化swarm集群,用--listen-addr指定监听的ip与端口
[root@c1 ~]# docker swarm init --listen-addr 0.0.0.0 Swarm initialized: current node (73ju72f6nlyl9kiib7z5r0bsk) is now a manager. To add a worker to this swarm, run the following command: docker swarm join --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-4f1xl8ici0o32qfyru9y6wepv 10.0.0.31:2377 To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
使用docker swarm join-token manager可以查看加入为swarm manager的token
查看结果,可以看到我们现在只有一个节点
[root@c1 ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 73ju72f6nlyl9kiib7z5r0bsk * c1 Ready Active Leader
通过以下命令,我们将另外3台机器,加入到集群中,将下面的命令,复制、粘贴到c1的命令行中
for N in $(seq 2 4); do ssh c$N docker swarm join --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-4f1xl8ici0o32qfyru9y6wepv 10.0.0.31:2377 ;done
再次查看集群节点情况,可以看到其他机器已经添加到集群中,并且c1是leader状态
[root@c1 ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 2qn7aw9ihbjphtnm1toaoevq8 c4 Ready Active 4cxm0w5j3x4mqrj8f1kdrgln5 * c1 Ready Active Leader 4wqpz2v3b71q0ohzdifi94ma9 c2 Ready Active 9t9ceme3w14o4gfnljtfrkpgp c3 Ready Active
将c2也设置为集群的主节点,先在c1上查看加入到主节点的token
[root@c1 ~]# docker swarm join-token manager To add a manager to this swarm, run the following command: docker swarm join --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-b7k3agnzez1bjj3nfz2h93xh0 10.0.0.31:2377
根据c1的token信息,我们先在c2上脱离集群,再将c2加入到管理者
[root@c2 ~]# docker swarm leave Node left the swarm. [root@c2 ~]# docker swarm join > --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-b7k3agnzez1bjj3nfz2h93xh0 > 10.0.0.31:2377 This node joined a swarm as a manager.
这时我们在c1和c2任意一台机器,输入docker node ls都能够看到最新的集群节点状态,这时c2的MANAGER STATUS已经变为了Reachable
[root@c1 ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 2qn7aw9ihbjphtnm1toaoevq8 c4 Ready Active 4cxm0w5j3x4mqrj8f1kdrgln5 * c1 Ready Active Leader 4wqpz2v3b71q0ohzdifi94ma9 c2 Down Active 9t9ceme3w14o4gfnljtfrkpgp c3 Ready Active ai6peof1e9wyovp8uxn5b2ufe c2 Ready Active Reachable
因为之前我们是使用docker swarm leave,所以早期的c2的状态是Down,可以通过 docker node rm <ID>命令删除掉
3.3、创建一个overlay 网络
单台服务器的时候我们应用所有的容器都跑在一台主机上, 所以容器之间的网络是能够互通的. 现在我们的集群有4台主机,如何保证不同主机之前的docker是互通的呢?
swarm集群已经帮我们解决了这个问题了,就是只用overlay network.
在docker 1.12以前, swarm集群需要一个额外的key-value存储(consul, etcd etc). 来同步网络配置, 保证所有容器在同一个网段中. 在docker 1.12已经内置了这个存储, 集成了overlay networks的支持.
查看原有网络
[root@c1 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 23ee2bb5a2a1 bridge bridge local fd17ed8db4d8 docker_gwbridge bridge local 6878c36aa311 host host local 08tt2s4pqf96 ingress overlay swarm 7c18e57e24f2 none null local
可以看到在swarm上默认已有一个名为ingress的overlay 网络,默认在swarm里使用,本文会创建一个新的
创建一个名为idoall-org的overlay网络
[root@c1 ~]# docker network create --subnet=10.0.9.0/24 --driver overlay idoall-org e63ca0d7zcbxqpp4svlv5x04v [root@c1 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 5e47ba02a985 bridge bridge local fd17ed8db4d8 docker_gwbridge bridge local 6878c36aa311 host host local e63ca0d7zcbx idoall-org overlay swarm 08tt2s4pqf96 ingress overlay swarm 7c18e57e24f2 none null local
新的网络(idoall-org)已创建
--subnet 用于指定创建overlay网络的网段,也可以省略此参数
可以使用docker network inspect idoall-org查看我们添加的网络信息
[root@c1 ~]# docker network inspect idoall-org [ { "Name": "idoall-org", "Id": "e63ca0d7zcbxqpp4svlv5x04v", "Scope": "swarm", "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "10.0.9.0/24", "Gateway": "10.0.9.1" } ] }, "Internal": false, "Containers": null, "Options": { "com.docker.network.driver.overlay.vxlanid_list": "257" }, "Labels": null } ]
3.4、在网络上运行容器
用alpine镜像在idoall-org网络上启动3个实例
[root@c1 ~]# docker service create --name idoall-org-test-ping --replicas 3 --network=idoall-org alpine ping baidu.com avcrdsntx8b8ei091lq5cl76y [root@c1 ~]# docker service ps idoall-org-test-ping ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR 42vigh5lxkvgge9zo27hfah88 idoall-org-test-ping.1 alpine c4 Running Starting 1 seconds ago aovr8r7r7lykzmxqs30e8s4ee idoall-org-test-ping.2 alpine c3 Running Starting 1 seconds ago c7pv2o597qycsqzqzgjwwtw8b idoall-org-test-ping.3 alpine c1 Running Running 3 seconds ago
可以看到3个实例,分别部署在c1、c3、c4三台机器上
也可以使用--mode golbal 指定service运行在每个swarm节点上,稍后会有介绍
3.5、扩展(Scaling)应用
假设在程序运行的时候,发现资源不够用,我们可以使用scale进行扩展,现在有3个实例,我们更改为4个实例
[root@c1 ~]# docker service scale idoall-org-test-ping=4 idoall-org-test-ping scaled to 4 [root@c1 ~]# docker service ps idoall-org-test-ping ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR 42vigh5lxkvgge9zo27hfah88 idoall-org-test-ping.1 alpine c4 Running Running 4 minutes ago aovr8r7r7lykzmxqs30e8s4ee idoall-org-test-ping.2 alpine c3 Running Running 4 minutes ago c7pv2o597qycsqzqzgjwwtw8b idoall-org-test-ping.3 alpine c1 Running Running 4 minutes ago 72of5dfm67duccxsdyt1e25qd idoall-org-test-ping.4 alpine c2 Running Running 1 seconds ago
3.6、对service服务进行指定运行
在上面的案例中,不管你的实例是几个,是由swarm自动调度定义执行在某个节点上。我们可以通过在创建service的时候可以使用--constraints参数,来对service进行限制,例如我们指定一个服务在c4上运行:
[root@c1 ~]# docker service create --network idoall-org --name idoall-org --constraint 'node.hostname==c4' -p 9000:9000 idoall/golang-revel
服务启动以后,通过浏览http://10.0.0.31:9000/,或者31-34的任意IP,都可以看到效果,Docker Swarm会自动做负载均衡,稍后会介绍关于Docker Swarm的负载均衡
由于各地的网络不同,下载镜像可能有些慢,可以使用下面的命令,对命名为idoall-org的镜像进行监控
[root@c1 ~]# watch docker service ps idoall-org
除了hostname也可以使用其他节点属性来创建约束表达式写法参见下表:
我们也可以通过docker node update命令,来为机器添加label,例如:
[root@c1 ~]# docker node update --label-add site=idoall-org c1 [root@c2 ~]# docker node inspect c1 [ { "ID": "4cxm0w5j3x4mqrj8f1kdrgln5", "Version": { "Index": 108 }, "CreatedAt": "2016-12-11T11:13:32.495274292Z", "UpdatedAt": "2016-12-11T12:00:05.956367412Z", "Spec": { "Labels": { "site": "idoall-org" ... ]
对于已有service, 可以通过docker service update,添加constraint配置, 例如:
[root@c1 ~]# docker service update registry --constraint-add 'node.labels.site==idoall-org'
3.7、测试docker swarm网络是否能互通
在c1上执行
[root@c1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c683692b0153 alpine:latest "ping baidu.com" 25 minutes ago Up 25 minutes idoall-org-test-ping.4.c7pv2o597qycsqzqzgjwwtw8b [root@c1 ~]# docker exec -it 47e5 sh / # ping idoall-org.1.9ne6hxjhvneuhsrhllykrg7zm PING idoall-org.1.9ne6hxjhvneuhsrhllykrg7zm (10.0.9.8): 56 data bytes 64 bytes from 10.0.9.8: seq=0 ttl=64 time=1.080 ms 64 bytes from 10.0.9.8: seq=1 ttl=64 time=1.349 ms 64 bytes from 10.0.9.8: seq=2 ttl=64 time=1.026 ms
idoall-org.1.9ne6hxjhvneuhsrhllykrg7zm是容器在c4上运行的名称
在使用exec进入容器的时候,可以只输入容器id的前4位
在c4上执行
[root@c4 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1ead9bb757a0 idoall/docker-golang1.7.4-revel0.13:latest "/usr/bin/supervisord" About a minute ago Up 58 seconds idoall-org.1.9ne6hxjhvneuhsrhllykrg7zm 033531b30b79 alpine:latest "ping baidu.com" About a minute ago Up About a minute idoall-org-test-ping.1.6st5xvehh7c3bwaxsen3r4gpn [root@c2 ~]# docker exec -it f49c435c94ea sh bash-4.3# ping idoall-org-test-ping.4.cirnop0kxbuxiyjh87ii6hh4x PING idoall-org-test-ping.4.cirnop0kxbuxiyjh87ii6hh4x (10.0.9.6): 56 data bytes 64 bytes from 10.0.9.6: seq=0 ttl=64 time=0.531 ms 64 bytes from 10.0.9.6: seq=1 ttl=64 time=0.700 ms 64 bytes from 10.0.9.6: seq=2 ttl=64 time=0.756 ms
3.8、测试dokcer swarm自带的负载均衡
使用--mode global参数,在每个节点上创建一个web服务
[root@c1 ~]# docker service create --name whoami --mode global -p 8000:8000 jwilder/whoami 1u87lrzlktgskt4g6ae30xzb8 [root@c1 ~]# docker service ps whoami ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR cjf5w0pv5bbrph2gcvj508rvj whoami jwilder/whoami c2 Running Running 16 minutes ago dokh8j4z0iuslye0qa662axqv \_ whoami jwilder/whoami c3 Running Running 16 minutes ago dumjwz4oqc5xobvjv9rosom0w \_ whoami jwilder/whoami c1 Running Running 16 minutes ago bbzgdau14p5b4puvojf06gn5s \_ whoami jwilder/whoami c4 Running Running 16 minutes ago
在任意一台机器上执行以下命令,可以发现,每次获取到的都是不同的值,超过4次以后,会继续轮询到第1台机器
[root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000 I'm 8c2eeb5d420f [root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000 I'm 0b56c2a5b2a4 [root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000 I'm 000982389fa0 [root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000 I'm db8d3e839de5 [root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000 I'm 8c2eeb5d420f
博文作者:迦壹
博客地址:Centos7的安装、Docker1.12.3的安装,以及Docker Swarm集群的简单实例
转载声明:可以转载, 但必须以超链接形式标明文章原始出处和作者信息及版权声明,谢谢合作!
博客地址:Centos7的安装、Docker1.12.3的安装,以及Docker Swarm集群的简单实例
转载声明:可以转载, 但必须以超链接形式标明文章原始出处和作者信息及版权声明,谢谢合作!