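1. Acknowledgements
Thanks to Nigel Poulton for the open-source material. If you are interested, see Nigel Poulton's GitHub page.
2. Preparation
1. Swarm mode: the application is deployed with Docker Stack, and Stack depends on Swarm mode.
2. Labels: one of the Swarm worker nodes needs a custom label.
3. Secrets: the secrets the application needs must be created before deployment.
4. The three Linux hosts must have the following ports open:
(1) 2377/tcp, used for secure communication between clients and the Swarm
(2) 7946/tcp and 7946/udp, used for communication between nodes
(3) 4789/udp, used for the VXLAN-based overlay network
To open ports on a CentOS 7 host, see "How to open specific ports on CentOS 7". To open ports on an Ubuntu 20.04 host, see "How to open specific ports on Ubuntu 20.04".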
3. Hosts
| Hostname | Address | Version | Count |
|---|---|---|---|
| mgr1 | 192.168.100.110/24 | Ubuntu 20.04 | 1 |
| wrk1 | 192.168.100.100/24 | Centos7-X86_64-Everything2009 | 1 |
| wrk2 | 192.168.100.101/24 | Centos7-X86_64-Everything2009 | 1 |
4. Setup outline
1. Create a new Swarm
2. Add a new node label
3. Create the secrets
5. Building the lab environment
5.1 Create a new Swarm
1. On mgr1, run docker swarm init to make it a manager node.
root@docker-virtual-machine:~# docker swarm init
Swarm initialized: current node (m4jzzetxd.....womt50cfqlp) is now a manager.
2. On wrk1, run the following command to make it a worker node. Note that this command is the one returned by docker swarm init on mgr1.
[root@localhost ~]# docker swarm join --token SWMTKN-1-4ud9mb9ed1h5qqoy1c40n6c60wrdl24fn12.....sisxm5i0rk-a59wlrmz6574vdv198h25kb5c 192.168.100.110:2377
This node joined a swarm as a worker.
3. On wrk2, run the following command to make it a worker node. Note that this command is the one returned by docker swarm init on mgr1.
[root@localhost ~]# docker swarm join --token SWMTKN-1-4ud9mb9ed1h5qqoy1c40n6c60wrdl24fn12......sisxm5i0rk-a59wlrmz6574vdv198h25kb5c 192.168.100.110:2377
This node joined a swarm as a worker.
4. On mgr1, run docker node ls to list the current Swarm nodes.
root@docker-virtual-machine:~# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
m4jzzetx.....ewomt50cfqlp * docker-virtual-machine Ready Active Leader 20.10.21
07c04nmv.....5m2nas00gz2k wrk1 Ready Active 20.10.21
yoy2fv0w.....kftphyzk3aoc wrk2 Ready Active 20.10.21
5. The Swarm cluster is now set up.
5.2 Add a new node label
1. On mgr1, run docker node update --label-add pcidss=yes wrk1 to add the node label to wrk1 (the hostname).
root@docker-virtual-machine:~# docker node update --label-add pcidss=yes wrk1
wrk1
2. On mgr1, run docker node inspect wrk1 to confirm the node label. The output shows that the label was added successfully.
root@docker-virtual-machine:~# docker node inspect wrk1
[
{
"ID": "07c04nmvybeqj5m2nas00gz2k",
"Version": {
"Index": 24
},
"CreatedAt": "2022-11-06T05:24:39.933665813Z",
"UpdatedAt": "2022-11-06T05:38:22.318176748Z",
"Spec": {
"Labels": {
"pcidss": "yes"
},
"Role": "worker",
"Availability": "active"
},
...
...
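5.3 Create the secrets
1. On mgr1, run openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt to create a new key pair (a self-signed certificate, domain.crt, and its private key, domain.key, which -nodes writes to disk unencrypted). The key material is then stored as Docker secrets. The identity details requested at the end can be filled in arbitrarily.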
root@docker-virtual-machine:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt
Generating a RSA private key
.....................................................................................++++
...........................................................................................................................++++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CH
State or Province Name (full name) [Some-State]:AN
Locality Name (eg, city) []:HF
Organization Name (eg, company) [Internet Widgits Pty Ltd]:22
Organizational Unit Name (eg, section) []:section
Common Name (e.g. server FQDN or YOUR name) []:zq
Email Address []:123456.qq.com
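2. On mgr1, run the following commands to create the revprox_cert, revprox_key and postgres_password secrets. Note that postgres_password is also created from domain.key, so in this lab the database password is the content of the private key file.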
root@docker-virtual-machine:~# docker secret create revprox_cert domain.crt
13wrw12qu9z1on09wtvdcaax7
root@docker-virtual-machine:~# docker secret create revprox_key domain.key
62pw9msu3g4gatmje7awaqbys
root@docker-virtual-machine:~# docker secret create postgres_password domain.key
mhehvz7h097c146txphfzfxgr
3. On mgr1, run echo staging | docker secret create staging_token - to create the staging_token secret.
root@docker-virtual-machine:~# echo staging | docker secret create staging_token -
4nlqsjz5zjry0g7aq9wej2vst
4. On mgr1, run docker secret ls to list all secrets.
root@docker-virtual-machine:~# docker secret ls
ID NAME DRIVER CREATED UPDATED
mhehvz7h097c146txphfzfxgr postgres_password 21 seconds ago 21 seconds ago
13wrw12qu9z1on09wtvdcaax7 revprox_cert 48 seconds ago 48 seconds ago
62pw9msu3g4gatmje7awaqbys revprox_key 40 seconds ago 40 seconds ago
4nlqsjz5zjry0g7aq9wej2vst staging_token 8 seconds ago 8 seconds ago
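The prerequisites from sections 5.2 and 5.3 can be checked before the stack is deployed. The following is an added example, not part of the original page or of the sample app: it checks for the four secret names and the pcidss=yes worker label used on this page; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The secret names and the
# pcidss=yes label come from the page; function names are hypothetical.
REQUIRED_SECRETS="revprox_cert revprox_key postgres_password staging_token"

# Reads existing secret names on stdin (one per line) and prints every
# required secret that is absent; prints nothing when all are present.
missing_secrets() {
    existing=$(cat)
    for name in $REQUIRED_SECRETS; do
        printf '%s\n' "$existing" | grep -qxF "$name" || printf '%s\n' "$name"
    done
}

# Reads "hostname role pcidss-label" lines on stdin and prints the workers
# labelled pcidss=yes, the only nodes payment_gateway may be scheduled on.
pcidss_workers() {
    awk '$2 == "worker" && $3 == "yes" { print $1 }'
}

# $1: secret names, $2: node lines. Returns non-zero and names the gap when
# a prerequisite is missing.
preflight() {
    miss=$(printf '%s\n' "$1" | missing_secrets | tr '\n' ' ')
    workers=$(printf '%s\n' "$2" | pcidss_workers | tr '\n' ' ')
    [ -z "$miss" ] || { echo "missing secrets: $miss"; return 1; }
    [ -n "$workers" ] || { echo "no worker labelled pcidss=yes"; return 1; }
    echo "ok, payment_gateway can run on: $workers"
}

# Live input on mgr1 (requires the swarm from section 5.1):
#   docker secret ls --format '{{.Name}}'
#   docker node inspect -f \
#     '{{.Description.Hostname}} {{.Spec.Role}} {{index .Spec.Labels "pcidss"}}' \
#     $(docker node ls -q)

# Constructed sample: the lab state before step 3 (staging_token not yet created).
SAMPLE_SECRETS='postgres_password
revprox_cert
revprox_key'
SAMPLE_NODES='docker-virtual-machine manager
wrk1 worker yes
wrk2 worker'
```

Calling preflight "$SAMPLE_SECRETS" "$SAMPLE_NODES" reports the missing staging_token and returns non-zero.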
6. Deploying the sample application
6.1 Fetch the source code
1. On mgr1, run the following command to download the source code from GitHub.
docker@docker-virtual-machine:~/Desktop$ git clone https://github.com/nigelpoulton/atsea-sample-shop-app.git
Cloning into 'atsea-sample-shop-app'...
remote: Enumerating objects: 632, done.
remote: Counting objects: 100% (92/92), done.
remote: Compressing objects: 100% (29/29), done.
remote: Total 632 (delta 69), reused 63 (delta 63), pack-reused 540
Receiving objects: 100% (632/632), 7.23 MiB | 9.38 MiB/s, done.
Resolving deltas: 100% (198/198), done.
6.2 Deploy the stack
1. On mgr1, change to the directory that contains docker-stack.yml and run docker stack deploy -c docker-stack.yml teststack to deploy the stack. The stack is named teststack.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker stack deploy -c docker-stack.yml teststack
Creating network teststack_back-tier
Creating network teststack_front-tier
Creating network teststack_payment
Creating network teststack_default
Creating service teststack_database
Creating service teststack_appserver
Creating service teststack_visualizer
Creating service teststack_payment_gateway
Creating service teststack_reverse_proxy
6.3 Verification
1. On mgr1, run docker network ls to check the networks.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker network ls
NETWORK ID NAME DRIVER SCOPE
1jtmz0kf909x teststack_back-tier overlay swarm
olwj0anj8a3z teststack_default overlay swarm
n8rz810wgxgz teststack_front-tier overlay swarm
c4h265wy25w0 teststack_payment overlay swarm
2. On mgr1, run docker service ls to check the services.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
yi4vlfzufyc8 teststack_appserver replicated 0/2 dockersamples/atsea_app:latest
sp2hl3tg2blp teststack_database replicated 0/1 dockersamples/atsea_db:latest
vj8aobjp6dvo teststack_payment_gateway replicated 0/1 dockersamples/atseasampleshopapp_payment_gateway:latest
uvpgdphy5dp3 teststack_reverse_proxy replicated 0/1 dockersamples/atseasampleshopapp_reverse_proxy:latest *:80->80/tcp, *:443->443/tcp
g27l3ov83ua2 teststack_visualizer replicated 0/1 dockersamples/visualizer:stable *:8001->8080/tcp
3. On mgr1, run docker stack ls to list all stacks on the system, including how many services each stack contains.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker stack ls
NAME SERVICES ORCHESTRATOR
teststack 5 Swarm
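4. On mgr1, run docker stack ps teststack to view the details of teststack, including the node each service replica runs on, the current state, the desired state and any error information.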
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker stack ps teststack
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
1f80jbkd55f0 teststack_appserver.1 dockersamples/atsea_app:latest wrk2 Running Preparing 9 minutes ago
621hriyuir0x teststack_appserver.2 dockersamples/atsea_app:latest wrk1 Running Preparing 9 minutes ago
4zweihu6kz56 teststack_database.1 dockersamples/atsea_db:latest wrk2 Running Preparing 9 minutes ago
4af2sb6rk59j teststack_payment_gateway.1 dockersamples/atseasampleshopapp_payment_gateway:latest wrk1 Running Preparing 9 minutes ago
gwlpkgzafmy9 teststack_reverse_proxy.1 dockersamples/atseasampleshopapp_reverse_proxy:latest docker-virtual-machine Running Preparing 8 minutes ago
pek8qxvuwdv3 teststack_visualizer.1 dockersamples/visualizer:stable docker-virtual-machine Running Preparing 9 minutes ago
5. On mgr1, run docker service logs teststack_reverse_proxy to view the logs of the teststack_reverse_proxy service.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker service logs teststack_reverse_proxy
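7. Managing the application
The following makes two declarative changes to the stack: one increases the number of appserver replicas from 2 to 10; the other increases the graceful stop period of the visualizer service to 2 min.
1. Run vim docker-stack.yml to open the file and make the following changes.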
  appserver:
    deploy:
      replicas: 10
  visualizer:
    stop_grace_period: 2m
2. After making the changes, run cat docker-stack.yml to review the file.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# cat docker-stack.yml
...
...
  appserver:
    image: dockersamples/atsea_app
    networks:
      - front-tier
      - back-tier
      - payment
    deploy:
      replicas: 10  # modified
      update_config:
        parallelism: 2
...
...
  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8001:8080"
    stop_grace_period: 2m  # modified
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      update_config:
        failure_action: rollback
      placement:
        constraints:
          - 'node.role == manager'
  payment_gateway:
    image: dockersamples/atseasampleshopapp_payment_gateway
    secrets:
      - source: staging_token
        target: payment_token
    networks:
      - payment
    deploy:
      update_config:
        failure_action: rollback
      placement:
        constraints:
          - 'node.role == worker'
          - 'node.labels.pcidss == yes'
3. Run docker stack deploy -c docker-stack.yml teststack to redeploy the application. Note that a redeploy only updates the parts that have changed.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker stack deploy -c docker-stack.yml teststack
Updating service teststack_payment_gateway (id: vj8aobjp6dvomh631xpylvdg9)
Updating service teststack_reverse_proxy (id: uvpgdphy5dp30vha44itefd9a)
Updating service teststack_database (id: sp2hl3tg2blpzesljwcu1veb3)
Updating service teststack_appserver (id: yi4vlfzufyc8rb9cmo63aa437)
Updating service teststack_visualizer (id: g27l3ov83ua267kydklyhnj2a)
4. Run docker stack ps teststack and observe that the number of appserver replicas has increased to 10.
root@docker-virtual-machine:/home/docker/Desktop/atsea-sample-shop-app-master# docker stack ps teststack
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
1f80jbkd55f0 teststack_appserver.1 dockersamples/atsea_app:latest wrk2 Running Preparing 38 minutes ago
621hriyuir0x teststack_appserver.2 dockersamples/atsea_app:latest wrk1 Running Preparing 38 minutes ago
h0j81cc1pndw teststack_appserver.3 dockersamples/atsea_app:latest wrk2 Running Preparing about a minute ago
ndkdlzgy2xo9 teststack_appserver.4 dockersamples/atsea_app:latest wrk1 Running Preparing about a minute ago
bgj1onx3kdsw teststack_appserver.5 dockersamples/atsea_app:latest wrk2 Running Preparing about a minute ago
ip0no4fq0oe9 teststack_appserver.6 dockersamples/atsea_app:latest wrk1 Running Preparing about a minute ago
xmf61o3zz73q teststack_appserver.7 dockersamples/atsea_app:latest wrk2 Running Preparing about a minute ago
lcseqw6ds40v teststack_appserver.8 dockersamples/atsea_app:latest wrk1 Running Preparing about a minute ago
io7stw5fwpcl teststack_appserver.9 dockersamples/atsea_app:latest wrk2 Running Preparing about a minute ago
rov20lfga41i teststack_appserver.10 dockersamples/atsea_app:latest wrk1 Running Preparing about a minute ago
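The placement constraints in docker-stack.yml (visualizer on a manager, payment_gateway on a worker labelled pcidss=yes) can be audited against what docker stack ps reports. The following is an added example, not part of the original page or of the sample app; the function and variable names are hypothetical, and the bad case is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Names are hypothetical; the rules
# mirror the placement constraints visible in docker-stack.yml above.
STACK=teststack

# $1: node lines "hostname role pcidss-label"; $2: task lines "task-name node".
# Prints "task node reason" for every task on a node its service's constraints
# do not allow; prints nothing when the placement is compliant.
placement_violations() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v stack="$STACK" '
        BEGIN {
            role["visualizer"] = "manager";     pci["visualizer"] = "no"
            role["payment_gateway"] = "worker"; pci["payment_gateway"] = "yes"
        }
        $0 == "---" { in_tasks = 1; next }
        !in_tasks   { nrole[$1] = $2; nlabel[$1] = $3; next }
        {
            svc = $1
            sub("^" stack "_", "", svc)   # drop the stack prefix
            sub(/\.[0-9]+$/, "", svc)     # drop the replica slot
            if (!(svc in role)) next      # no rule recorded for this service
            if (nrole[$2] != role[svc]) print $1, $2, "role"
            else if (pci[svc] == "yes" && nlabel[$2] != "yes") print $1, $2, "label"
        }'
}

# Live task input on mgr1:
#   docker stack ps "$STACK" --filter desired-state=running \
#     --format '{{.Name}} {{.Node}}'

# Node roles and labels as set up in section 5.
NODES='docker-virtual-machine manager
wrk1 worker yes
wrk2 worker'
# Placement as reported by docker stack ps on this page.
TASKS_PAGE='teststack_payment_gateway.1 wrk1
teststack_visualizer.1 docker-virtual-machine
teststack_appserver.1 wrk2'
# Constructed bad case: a payment_gateway replica on the unlabelled worker.
TASKS_BAD="$TASKS_PAGE
teststack_payment_gateway.2 wrk2"
```

placement_violations "$NODES" "$TASKS_PAGE" prints nothing, while the constructed TASKS_BAD input yields one line flagged with the reason label.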
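8. Summary
1. All changes should be declared in the stack file and then deployed with docker stack deploy.
2. When a stack is deleted, its secrets (which already existed before the stack was deployed) and its volumes are not deleted.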