您好,登錄后才能下訂單哦!
本篇內容介紹了“Docker Swarm集群創建與可視化管理方法是什么”的有關知識,在實際案例的操作過程中,不少人都會遇到這樣的困境,接下來就讓小編帶領大家學習一下如何處理這些情況吧!希望大家仔細閱讀,能夠學有所成!
節點信息:
manager:192.168.220.194
worker1:192.168.220.173
worker2:192.168.220.197
技術棧:
Docker 1.12
Shipyard
swarm
etcd
SwarmOps
rethinkdb
docker-proxy
所需資源包:
quick start:
1、安裝docker 1.12 (所有節點,內核限制最低centos7)
設置docker1.12 yum源:
cat > /etc/yum.repos.d/docker.repo <<-EOF
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/experimental/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
開放端口(manager節點):
firewall-cmd --zone=public --add-port=2375/tcp --permanent
firewall-cmd --zone=public --add-port=2377/tcp --permanent
firewall-cmd --zone=public --add-port=3375/tcp --permanent
firewall-cmd --zone=public --add-port=4001/tcp --permanent
firewall-cmd --zone=public --add-port=7001/tcp --permanent
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=10130/tcp --permanent
firewall-cmd --reload
開放端口(worker節點):
firewall-cmd --zone=public --add-port=2375/tcp --permanent
firewall-cmd --zone=public --add-port=2377/tcp --permanent
firewall-cmd --zone=public --add-port=3375/tcp --permanent
firewall-cmd --reload
安裝docker1.12:
yum -y install docker-engine
設置開機自啟動:
systemctl enable docker
開啟docker服務:
systemctl start docker
設置加速器(國內源):
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://e80d24c6.m.daocloud.io
重啟docker服務:
systemctl restart docker
初始化swarm集群:
docker swarm init
輸出信息如下:
Swarm initialized: current node (9r76p77projw3olxbmzmdfura) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-1m8h611662w4s79nus0az57fucoypykm199b6lc88hr6mu7zeb-1b7ks1s15o2d5xssllqq8u4no \
192.168.220.143:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
worker節點加入swarm集群:
docker swarm join --token SWMTKN-1-1m8h611662w4s79nus0az57fucoypykm199b6lc88hr6mu7zeb-1b7ks1s15o2d5xssllqq8u4no 192.168.220.143:2377
輸出信息如下:
This node joined a swarm as a worker.
查看swarm節點:
docker node ls
輸出信息如下:
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
9r76p77projw3olxbmzmdfura * DockerH1 Ready Active Leader
athdt83y3sxw6oo8sp7tnnmh4 DockerH1 Ready Active
查看master節點token:
1、添加manager節點:
docker swarm join-token manager
2、添加worker節點:
docker swarm join-token worker
輸出信息如下:
To add a manager to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-1m8h611662w4s79nus0az57fucoypykm199b6lc88hr6mu7zeb-3knrcvyaj6uz3df7jkm13w0iu \
192.168.220.143:2377
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-1m8h611662w4s79nus0az57fucoypykm199b6lc88hr6mu7zeb-1b7ks1s15o2d5xssllqq8u4no \
192.168.220.143:2377
節點退出swarm集群:
docker swarm leave
2、安裝Shipyard集群管理服務:
導入啟動文件:
docker.sh
文件內容:
【docker.sh】
--------------------------------------------------------------------------------------------------------
#!/bin/bash
if [ "$1" != "" ] && [ "$1" = "-h" ]; then
echo "Shipyard Deploy uses the following environment variables:"
echo " ACTION: this is the action to use (deploy, upgrade, node, remove)"
echo " DISCOVERY: discovery system used by Swarm (only if using 'node' action)"
echo " IMAGE: this overrides the default Shipyard image"
echo " PREFIX: prefix for container names"
echo " SHIPYARD_ARGS: these are passed to the Shipyard controller container as controller args"
echo " TLS_CERT_PATH: path to certs to enable TLS for Shipyard"
echo " PORT: specify the listen port for the controller (default: 8080)"
echo " IP: specify the address at which the controller or node will be available (default: eth0 ip)"
echo " PROXY_PORT: port to run docker proxy (default: 2375)"
exit 1
fi
if [ -z "`which docker`" ]; then
echo "You must have the Docker CLI installed on your \$PATH"
echo " See http://docs.docker.com for details"
exit 1
fi
ACTION=${ACTION:-deploy}
IMAGE=${IMAGE:-shipyard/shipyard:latest}
PREFIX=${PREFIX:-shipyard}
SHIPYARD_ARGS=${SHIPYARD_ARGS:-""}
TLS_CERT_PATH=${TLS_CERT_PATH:-}
CERT_PATH="/etc/shipyard"
PROXY_PORT=${PROXY_PORT:-2375}
SWARM_PORT=3375
SHIPYARD_PROTOCOL=http
SHIPYARD_PORT=${PORT:-8080}
SHIPYARD_IP=${IP}
DISCOVERY_BACKEND=etcd
DISCOVERY_PORT=4001
DISCOVERY_PEER_PORT=7001
ENABLE_TLS=0
CERT_FINGERPRINT=""
LOCAL_CA_CERT=""
LOCAL_SSL_CERT=""
LOCAL_SSL_KEY=""
LOCAL_SSL_CLIENT_CERT=""
LOCAL_SSL_CLIENT_KEY=""
SSL_CA_CERT=""
SSL_CERT=""
SSL_KEY=""
SSL_CLIENT_CERT=""
SSL_CLIENT_KEY=""
show_cert_help() {
echo "To use TLS in Shipyard, you must have existing certificates."
echo "The certs must be named ca.pem, server.pem, server-key.pem, cert.pem and key.pem"
echo "If you need to generate certificates, see https://github.com/ehazlett/certm for examples."
}
check_certs() {
if [ -z "$TLS_CERT_PATH" ]; then
return
fi
if [ ! -e $TLS_CERT_PATH ]; then
echo "Error: unable to find certificates in $TLS_CERT_PATH"
show_cert_help
exit 1
fi
if [ "$PROXY_PORT" = "2375" ]; then
PROXY_PORT=2376
fi
SWARM_PORT=3376
SHIPYARD_PROTOCOL=https
LOCAL_SSL_CA_CERT="$TLS_CERT_PATH/ca.pem"
LOCAL_SSL_CERT="$TLS_CERT_PATH/server.pem"
LOCAL_SSL_KEY="$TLS_CERT_PATH/server-key.pem"
LOCAL_SSL_CLIENT_CERT="$TLS_CERT_PATH/cert.pem"
LOCAL_SSL_CLIENT_KEY="$TLS_CERT_PATH/key.pem"
SSL_CA_CERT="$CERT_PATH/ca.pem"
SSL_CERT="$CERT_PATH/server.pem"
SSL_KEY="$CERT_PATH/server-key.pem"
SSL_CLIENT_CERT="$CERT_PATH/cert.pem"
SSL_CLIENT_KEY="$CERT_PATH/key.pem"
CERT_FINGERPRINT=$(openssl x509 -noout -in $LOCAL_SSL_CERT -fingerprint -sha256 | awk -F= '{print $2;}')
if [ ! -e $LOCAL_SSL_CA_CERT ] || [ ! -e $LOCAL_SSL_CERT ] || [ ! -e $LOCAL_SSL_KEY ] || [ ! -e $LOCAL_SSL_CLIENT_CERT ] || [ ! -e $LOCAL_SSL_CLIENT_KEY ]; then
echo "Error: unable to find certificates"
show_cert_help
exit 1
fi
ENABLE_TLS=1
}
# container functions
start_certs() {
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-certs \
-v $CERT_PATH \
alpine \
sh)
if [ $ENABLE_TLS = 1 ]; then
docker cp $LOCAL_SSL_CA_CERT $PREFIX-certs:$SSL_CA_CERT
docker cp $LOCAL_SSL_CERT $PREFIX-certs:$SSL_CERT
docker cp $LOCAL_SSL_KEY $PREFIX-certs:$SSL_KEY
docker cp $LOCAL_SSL_CLIENT_CERT $PREFIX-certs:$SSL_CLIENT_CERT
docker cp $LOCAL_SSL_CLIENT_KEY $PREFIX-certs:$SSL_CLIENT_KEY
fi
}
remove_certs() {
docker rm -fv $PREFIX-certs > /dev/null 2>&1
}
get_ip() {
if [ -z "$SHIPYARD_IP" ]; then
SHIPYARD_IP=`docker run --rm --net=host alpine ip route get 8.8.8.8 | awk '{ print $7; }'`
fi
}
start_discovery() {
get_ip
ID=$(docker run \
-ti \
-d \
-p 4001:4001 \
-p 7001:7001 \
--restart=always \
--name $PREFIX-discovery \
microbox/etcd:latest -addr $SHIPYARD_IP:$DISCOVERY_PORT -peer-addr $SHIPYARD_IP:$DISCOVERY_PEER_PORT)
}
remove_discovery() {
docker rm -fv $PREFIX-discovery > /dev/null 2>&1
}
start_rethinkdb() {
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-rethinkdb \
rethinkdb)
}
remove_rethinkdb() {
docker rm -fv $PREFIX-rethinkdb > /dev/null 2>&1
}
start_proxy() {
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="-e SSL_CA=$SSL_CA_CERT -e SSL_CERT=$SSL_CERT -e SSL_KEY=$SSL_KEY -e SSL_SKIP_VERIFY=1"
fi
# Note: we add SSL_SKIP_VERIFY=1 to skip verification of the client
# certificate in the proxy image. this will pass it to swarm that
# does verify. this helps with performance and avoids certificate issues
# when running through the proxy. ultimately if the cert is invalid
# swarm will fail to return.
ID=$(docker run \
-ti \
-d \
-p $PROXY_PORT:$PROXY_PORT \
--hostname=$HOSTNAME \
--restart=always \
--name $PREFIX-proxy \
-v /var/run/docker.sock:/var/run/docker.sock \
-e PORT=$PROXY_PORT \
--volumes-from=$PREFIX-certs $TLS_OPTS\
shipyard/docker-proxy:latest)
}
remove_proxy() {
docker rm -fv $PREFIX-proxy > /dev/null 2>&1
}
start_swarm_manager() {
get_ip
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="--tlsverify --tlscacert=$SSL_CA_CERT --tlscert=$SSL_CERT --tlskey=$SSL_KEY"
fi
EXTRA_RUN_OPTS=""
if [ -z "$DISCOVERY" ]; then
DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-swarm-manager \
--volumes-from=$PREFIX-certs $EXTRA_RUN_OPTS \
swarm:latest \
m --replication --addr $SHIPYARD_IP:$SWARM_PORT --host tcp://0.0.0.0:$SWARM_PORT $TLS_OPTS $DISCOVERY)
}
remove_swarm_manager() {
docker rm -fv $PREFIX-swarm-manager > /dev/null 2>&1
}
start_swarm_agent() {
get_ip
if [ -z "$DISCOVERY" ]; then
DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-swarm-agent $EXTRA_RUN_OPTS \
swarm:latest \
j --addr $SHIPYARD_IP:$PROXY_PORT $DISCOVERY)
}
remove_swarm_agent() {
docker rm -fv $PREFIX-swarm-agent > /dev/null 2>&1
}
start_controller() {
#-v $CERT_PATH:/etc/docker:ro \
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="--tls-ca-cert $SSL_CA_CERT --tls-cert=$SSL_CERT --tls-key=$SSL_KEY --shipyard-tls-ca-cert=$SSL_CA_CERT --shipyard-tls-cert=$SSL_CERT --shipyard-tls-key=$SSL_KEY"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-controller \
--link $PREFIX-rethinkdb:rethinkdb \
--link $PREFIX-swarm-manager:swarm \
-p $SHIPYARD_PORT:$SHIPYARD_PORT \
--volumes-from=$PREFIX-certs \
$IMAGE \
--debug \
server \
--listen :$SHIPYARD_PORT \
-d tcp://swarm:$SWARM_PORT $TLS_OPTS $SHIPYARD_ARGS)
}
wait_for_available() {
set +e
IP=$1
PORT=$2
echo Waiting for Shipyard on $IP:$PORT
docker pull ehazlett/curl > /dev/null 2>&1
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="-k"
fi
until $(docker run --rm ehazlett/curl --output /dev/null --connect-timeout 1 --silent --head --fail $TLS_OPTS $SHIPYARD_PROTOCOL://$IP:$PORT/ > /dev/null 2>&1); do
printf '.'
sleep 1
done
printf '\n'
}
remove_controller() {
docker rm -fv $PREFIX-controller > /dev/null 2>&1
}
if [ "$ACTION" = "deploy" ]; then
set -e
check_certs
get_ip
echo "Deploying Shipyard"
echo " -> Starting Database"
start_rethinkdb
echo " -> Starting Discovery"
start_discovery
echo " -> Starting Cert Volume"
start_certs
echo " -> Starting Proxy"
start_proxy
echo " -> Starting Swarm Manager"
start_swarm_manager
echo " -> Starting Swarm Agent"
start_swarm_agent
echo " -> Starting Controller"
start_controller
wait_for_available $SHIPYARD_IP $SHIPYARD_PORT
echo "Shipyard available at $SHIPYARD_PROTOCOL://$SHIPYARD_IP:$SHIPYARD_PORT"
if [ $ENABLE_TLS = 1 ] && [ ! -z "$CERT_FINGERPRINT" ]; then
echo "SSL SHA-256 Fingerprint: $CERT_FINGERPRINT"
fi
echo "Username: admin Password: shipyard"
elif [ "$ACTION" = "node" ]; then
set -e
if [ -z "$DISCOVERY" ]; then
echo "You must set the DISCOVERY environment variable"
echo "with the discovery system used with Swarm"
exit 1
fi
check_certs
echo "Adding Node"
echo " -> Starting Cert Volume"
start_certs
echo " -> Starting Proxy"
start_proxy
echo " -> Starting Swarm Manager"
start_swarm_manager $DISCOVERY
echo " -> Starting Swarm Agent"
start_swarm_agent
echo "Node added to Swarm: $SHIPYARD_IP"
elif [ "$ACTION" = "upgrade" ]; then
set -e
check_certs
get_ip
echo "Upgrading Shipyard"
echo " -> Pulling $IMAGE"
docker pull $IMAGE
echo " -> Upgrading Controller"
remove_controller
start_controller
wait_for_available $SHIPYARD_IP $SHIPYARD_PORT
echo "Shipyard controller updated"
elif [ "$ACTION" = "remove" ]; then
# ignore errors
set +e
echo "Removing Shipyard"
echo " -> Removing Database"
remove_rethinkdb
echo " -> Removing Discovery"
remove_discovery
echo " -> Removing Cert Volume"
remove_certs
echo " -> Removing Proxy"
remove_proxy
echo " -> Removing Swarm Agent"
remove_swarm_agent
echo " -> Removing Swarm Manager"
remove_swarm_manager
echo " -> Removing Controller"
remove_controller
echo "Done"
else
echo "Unknown action $ACTION"
exit 1
fi
--------------------------------------------------------------------------------------------------------
加載鏡像(manager節點)
docker load < shipyard.tar.gz
docker load < shipyard-docker-proxy.tar.gz
docker load < swarm.tar.gz
docker load < microbox-etcd.tar.gz
docker load < rethinkdb.tar.gz
docker load < alpine.tar.gz
運行以下命令:
bash docker.sh
加載鏡像(worker節點)
docker load < shipyard-docker-proxy.tar.gz
docker load < swarm.tar.gz
docker load < alpine.tar.gz
運行以下命令:
export ACTION=node DISCOVERY=etcd://<manager host ip>:4001 && bash docker.sh
查看所有節點swarm-manager日志:
docker logs -f shipyard-swarm-manager
顯示如下則表示服務啟動成功:
若出現如下錯誤:
解決方案:(所有節點)
停止docker服務,刪除/etc/docker/key.json,啟動docker服務
systemctl stop docker.service (所有節點同時進行,即都在刪除key.json文件前執行)
rm -rf /etc/docker/key.json (所有節點同時進行,即都在停止docker服務后刪除key.json)
systemctl start docker.service (所有節點同時進行,即都在刪除key.json文件后執行)
瀏覽器訪問:
http://<manager host ip>:8080
節點信息:
3、安裝SwarmOps:
加載SwarmOps鏡像:
docker load < swarmops.tar.gz
啟動SwarmOps容器:
docker run -tdi --name swarmops --net=host --restart=always swarmops:0.0.2
瀏覽器訪問:
http://<manager host ip>:10130
“Docker Swarm集群創建與可視化管理方法是什么”的內容就介紹到這里了,感謝大家的閱讀。如果想了解更多行業相關的知識可以關注億速云網站,小編將為大家輸出更多高質量的實用文章!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。