文章目录
- 一、Docker swarm
- 工作模式
- 搭建集群
- Raft 协议
- 体会
- 二、Docker Stack
- 三、Docker Secret
- 四、Docker Config
- 总结
一、Docker swarm
环境准备:阿里云购买四台服务器
给四台服务器安装docker和相关配置
4、安装gcc
[root@iZwz95f5dll51l4nwqpoklZ ~]# yum -y install gcc
Loaded plugins: fastestmirror
Determining fastest mirrors
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/7): epel/x86_64/group_gz | 96 kB 00:00:00
(2/7): base/7/x86_64/group_gz | 153 kB 00:00:00
(3/7): extras/7/x86_64/primary_db | 247 kB 00:00:00
(4/7): epel/x86_64/updateinfo | 1.1 MB 00:00:00
(5/7): epel/x86_64/primary_db | 7.0 MB 00:00:00
(6/7): updates/7/x86_64/primary_db | 16 MB 00:00:00
(7/7): base/7/x86_64/primary_db | 6.1 MB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.8.5-36.el7_6.2 will be updated
---> Package gcc.x86_64 0:4.8.5-44.el7 will be an update
--> Processing Dependency: libgomp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: cpp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libgcc >= 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Running transaction check
---> Package cpp.x86_64 0:4.8.5-36.el7_6.2 will be updated
---> Package cpp.x86_64 0:4.8.5-44.el7 will be an update
---> Package libgcc.x86_64 0:4.8.5-36.el7_6.2 will be updated
---> Package libgcc.x86_64 0:4.8.5-44.el7 will be an update
---> Package libgomp.x86_64 0:4.8.5-36.el7_6.2 will be updated
---> Package libgomp.x86_64 0:4.8.5-44.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================
Package Arch Version Repository Size
======================================================================================
Updating:
gcc x86_64 4.8.5-44.el7 base 16 M
Updating for dependencies:
cpp x86_64 4.8.5-44.el7 base 5.9 M
libgcc x86_64 4.8.5-44.el7 base 103 k
libgomp x86_64 4.8.5-44.el7 base 159 k
Transaction Summary
======================================================================================
Upgrade 1 Package (+3 Dependent packages)
Total download size: 22 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/4): cpp-4.8.5-44.el7.x86_64.rpm | 5.9 MB 00:00:00
(2/4): libgcc-4.8.5-44.el7.x86_64.rpm | 103 kB 00:00:00
(3/4): libgomp-4.8.5-44.el7.x86_64.rpm | 159 kB 00:00:00
(4/4): gcc-4.8.5-44.el7.x86_64.rpm | 16 MB 00:00:00
--------------------------------------------------------------------------------------
Total 50 MB/s | 22 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libgomp-4.8.5-44.el7.x86_64 1/8
Updating : libgcc-4.8.5-44.el7.x86_64 2/8
Updating : cpp-4.8.5-44.el7.x86_64 3/8
Updating : gcc-4.8.5-44.el7.x86_64 4/8
Cleanup : gcc-4.8.5-36.el7_6.2.x86_64 5/8
Cleanup : cpp-4.8.5-36.el7_6.2.x86_64 6/8
Cleanup : libgcc-4.8.5-36.el7_6.2.x86_64 7/8
Cleanup : libgomp-4.8.5-36.el7_6.2.x86_64 8/8
Verifying : cpp-4.8.5-44.el7.x86_64 1/8
Verifying : gcc-4.8.5-44.el7.x86_64 2/8
Verifying : libgcc-4.8.5-44.el7.x86_64 3/8
Verifying : libgomp-4.8.5-44.el7.x86_64 4/8
Verifying : libgcc-4.8.5-36.el7_6.2.x86_64 5/8
Verifying : libgomp-4.8.5-36.el7_6.2.x86_64 6/8
Verifying : cpp-4.8.5-36.el7_6.2.x86_64 7/8
Verifying : gcc-4.8.5-36.el7_6.2.x86_64 8/8
Updated:
gcc.x86_64 0:4.8.5-44.el7
Dependency Updated:
cpp.x86_64 0:4.8.5-44.el7 libgcc.x86_64 0:4.8.5-44.el7
libgomp.x86_64 0:4.8.5-44.el7
Complete!
5、安装需要的软件包
[root@iZwz95f5dll51l4nwqpoklZ ~]# yum install -y yum-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package yum-utils.noarch 0:1.1.31-54.el7_8 will be installed
--> Processing Dependency: python-kitchen for package: yum-utils-1.1.31-54.el7_8.noarch
--> Processing Dependency: libxml2-python for package: yum-utils-1.1.31-54.el7_8.noarch
--> Running transaction check
---> Package libxml2-python.x86_64 0:2.9.1-6.el7_9.6 will be installed
--> Processing Dependency: libxml2 = 2.9.1-6.el7_9.6 for package: libxml2-python-2.9.1-6.el7_9.6.x86_64
---> Package python-kitchen.noarch 0:1.1.1-5.el7 will be installed
--> Processing Dependency: python-chardet for package: python-kitchen-1.1.1-5.el7.noarch
--> Running transaction check
---> Package libxml2.x86_64 0:2.9.1-6.el7_2.3 will be updated
---> Package libxml2.x86_64 0:2.9.1-6.el7_9.6 will be an update
---> Package python-chardet.noarch 0:2.2.1-3.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================
Package Arch Version Repository Size
======================================================================================
Installing:
yum-utils noarch 1.1.31-54.el7_8 base 122 k
Installing for dependencies:
libxml2-python x86_64 2.9.1-6.el7_9.6 updates 247 k
python-chardet noarch 2.2.1-3.el7 base 227 k
python-kitchen noarch 1.1.1-5.el7 base 267 k
Updating for dependencies:
libxml2 x86_64 2.9.1-6.el7_9.6 updates 668 k
Transaction Summary
======================================================================================
Install 1 Package (+3 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 1.5 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/5): python-kitchen-1.1.1-5.el7.noarch.rpm | 267 kB 00:00:00
(2/5): yum-utils-1.1.31-54.el7_8.noarch.rpm | 122 kB 00:00:00
(3/5): python-chardet-2.2.1-3.el7.noarch.rpm | 227 kB 00:00:00
(4/5): libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm | 247 kB 00:00:00
(5/5): libxml2-2.9.1-6.el7_9.6.x86_64.rpm | 668 kB 00:00:00
--------------------------------------------------------------------------------------
Total 6.1 MB/s | 1.5 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libxml2-2.9.1-6.el7_9.6.x86_64 1/6
Installing : libxml2-python-2.9.1-6.el7_9.6.x86_64 2/6
Installing : python-chardet-2.2.1-3.el7.noarch 3/6
Installing : python-kitchen-1.1.1-5.el7.noarch 4/6
Installing : yum-utils-1.1.31-54.el7_8.noarch 5/6
Cleanup : libxml2-2.9.1-6.el7_2.3.x86_64 6/6
Verifying : python-chardet-2.2.1-3.el7.noarch 1/6
Verifying : libxml2-2.9.1-6.el7_9.6.x86_64 2/6
Verifying : libxml2-python-2.9.1-6.el7_9.6.x86_64 3/6
Verifying : python-kitchen-1.1.1-5.el7.noarch 4/6
Verifying : yum-utils-1.1.31-54.el7_8.noarch 5/6
Verifying : libxml2-2.9.1-6.el7_2.3.x86_64 6/6
Installed:
yum-utils.noarch 0:1.1.31-54.el7_8
Dependency Installed:
libxml2-python.x86_64 0:2.9.1-6.el7_9.6 python-chardet.noarch 0:2.2.1-3.el7
python-kitchen.noarch 0:1.1.1-5.el7
Dependency Updated:
libxml2.x86_64 0:2.9.1-6.el7_9.6
Complete!
设置镜像仓库
[root@iZwz95f5dll51l4nwqpoklZ ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
7、更新yum软件包索引
[root@iZwz95f5dll51l4nwqpoklZ ~]# yum makecache fast
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): docker-ce-stable/7/x86_64/updateinfo | 55 B 00:00:00
(2/2): docker-ce-stable/7/x86_64/primary_db | 80 kB 00:00:00
Metadata Cache Created
8、安装 Doceker CE
[root@iZwz95f5dll51l4nwqpoklZ ~]# yum install docker-ce docker-ce-cli containerd.io
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package containerd.io.x86_64 0:1.6.6-3.1.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.6.6-3.1.el7.x86_64
---> Package docker-ce.x86_64 3:20.10.17-3.el7 will be installed
--> Processing Dependency: docker-ce-rootless-extras for package: 3:docker-ce-20.10.17-3.el7.x86_64
--> Processing Dependency: libcgroup for package: 3:docker-ce-20.10.17-3.el7.x86_64
---> Package docker-ce-cli.x86_64 1:20.10.17-3.el7 will be installed
--> Processing Dependency: docker-scan-plugin(x86-64) for package: 1:docker-ce-cli-20.10.17-3.el7.x86_64
--> Running transaction check
---> Package container-selinux.noarch 2:2.119.2-1.911c772.el7_8 will be installed
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.119.2-1.911c772.el7_8.noarch
---> Package docker-ce-rootless-extras.x86_64 0:20.10.17-3.el7 will be installed
--> Processing Dependency: fuse-overlayfs >= 0.7 for package: docker-ce-rootless-extras-20.10.17-3.el7.x86_64
--> Processing Dependency: slirp4netns >= 0.4 for package: docker-ce-rootless-extras-20.10.17-3.el7.x86_64
---> Package docker-scan-plugin.x86_64 0:0.17.0-3.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-21.el7 will be installed
--> Running transaction check
---> Package fuse-overlayfs.x86_64 0:0.7.2-6.el7_8 will be installed
--> Processing Dependency: libfuse3.so.3(FUSE_3.2)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
--> Processing Dependency: libfuse3.so.3(FUSE_3.0)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
--> Processing Dependency: libfuse3.so.3()(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
---> Package policycoreutils-python.x86_64 0:2.5-34.el7 will be installed
--> Processing Dependency: policycoreutils = 2.5-34.el7 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
---> Package slirp4netns.x86_64 0:0.4.3-4.el7_8 will be installed
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.5-4.el7 will be installed
--> Processing Dependency: audit-libs(x86-64) = 2.8.5-4.el7 for package: audit-libs-python-2.8.5-4.el7.x86_64
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed
---> Package fuse3-libs.x86_64 0:3.6.1-4.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be updated
---> Package policycoreutils.x86_64 0:2.5-34.el7 will be an update
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed
--> Running transaction check
---> Package audit-libs.x86_64 0:2.8.4-4.el7 will be updated
--> Processing Dependency: audit-libs(x86-64) = 2.8.4-4.el7 for package: audit-2.8.4-4.el7.x86_64
---> Package audit-libs.x86_64 0:2.8.5-4.el7 will be an update
--> Running transaction check
---> Package audit.x86_64 0:2.8.4-4.el7 will be updated
---> Package audit.x86_64 0:2.8.5-4.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================
Package Arch Version Repository Size
======================================================================================
Installing:
containerd.io x86_64 1.6.6-3.1.el7 docker-ce-stable 33 M
docker-ce x86_64 3:20.10.17-3.el7 docker-ce-stable 22 M
docker-ce-cli x86_64 1:20.10.17-3.el7 docker-ce-stable 29 M
Installing for dependencies:
audit-libs-python x86_64 2.8.5-4.el7 base 76 k
checkpolicy x86_64 2.5-8.el7 base 295 k
container-selinux noarch 2:2.119.2-1.911c772.el7_8 extras 40 k
docker-ce-rootless-extras x86_64 20.10.17-3.el7 docker-ce-stable 8.2 M
docker-scan-plugin x86_64 0.17.0-3.el7 docker-ce-stable 3.7 M
fuse-overlayfs x86_64 0.7.2-6.el7_8 extras 54 k
fuse3-libs x86_64 3.6.1-4.el7 extras 82 k
libcgroup x86_64 0.41-21.el7 base 66 k
libsemanage-python x86_64 2.5-14.el7 base 113 k
policycoreutils-python x86_64 2.5-34.el7 base 457 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.8-4.el7 base 620 k
slirp4netns x86_64 0.4.3-4.el7_8 extras 81 k
Updating for dependencies:
audit x86_64 2.8.5-4.el7 base 256 k
audit-libs x86_64 2.8.5-4.el7 base 102 k
policycoreutils x86_64 2.5-34.el7 base 917 k
Transaction Summary
======================================================================================
Install 3 Packages (+13 Dependent packages)
Upgrade ( 3 Dependent packages)
Total download size: 100 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/19): audit-libs-2.8.5-4.el7.x86_64.rpm | 102 kB 00:00:00
(2/19): audit-libs-python-2.8.5-4.el7.x86_64.rpm | 76 kB 00:00:00
(3/19): audit-2.8.5-4.el7.x86_64.rpm | 256 kB 00:00:00
(4/19): checkpolicy-2.5-8.el7.x86_64.rpm | 295 kB 00:00:00
(5/19): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 40 kB 00:00:00
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-20.10.17-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-20.10.17-3.el7.x86_64.rpm is not installed
(6/19): docker-ce-20.10.17-3.el7.x86_64.rpm | 22 MB 00:01:16
(7/19): containerd.io-1.6.6-3.1.el7.x86_64.rpm | 33 MB 00:01:51
(8/19): docker-ce-rootless-extras-20.10.17-3.el7.x86_64.rpm | 8.2 MB 00:00:28
(9/19): fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm | 54 kB 00:00:00
(10/19): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00
(11/19): fuse3-libs-3.6.1-4.el7.x86_64.rpm | 82 kB 00:00:00
(12/19): libcgroup-0.41-21.el7.x86_64.rpm | 66 kB 00:00:00
(13/19): policycoreutils-2.5-34.el7.x86_64.rpm | 917 kB 00:00:00
(14/19): policycoreutils-python-2.5-34.el7.x86_64.rpm | 457 kB 00:00:00
(15/19): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00:00
(16/19): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00
(17/19): slirp4netns-0.4.3-4.el7_8.x86_64.rpm | 81 kB 00:00:00
(18/19): docker-scan-plugin-0.17.0-3.el7.x86_64.rpm | 3.7 MB 00:00:13
(19/19): docker-ce-cli-20.10.17-3.el7.x86_64.rpm | 29 MB 00:01:42
--------------------------------------------------------------------------------------
Total 570 kB/s | 100 MB 02:59
Retrieving key from https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <docker@docker.com>"
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : audit-libs-2.8.5-4.el7.x86_64 1/22
Updating : policycoreutils-2.5-34.el7.x86_64 2/22
Installing : libcgroup-0.41-21.el7.x86_64 3/22
Installing : audit-libs-python-2.8.5-4.el7.x86_64 4/22
Installing : 1:docker-ce-cli-20.10.17-3.el7.x86_64 5/22
Installing : docker-scan-plugin-0.17.0-3.el7.x86_64 6/22
Installing : slirp4netns-0.4.3-4.el7_8.x86_64 7/22
Installing : libsemanage-python-2.5-14.el7.x86_64 8/22
Installing : fuse3-libs-3.6.1-4.el7.x86_64 9/22
Installing : fuse-overlayfs-0.7.2-6.el7_8.x86_64 10/22
Installing : setools-libs-3.3.8-4.el7.x86_64 11/22
Installing : python-IPy-0.75-6.el7.noarch 12/22
Installing : checkpolicy-2.5-8.el7.x86_64 13/22
Installing : policycoreutils-python-2.5-34.el7.x86_64 14/22
Installing : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 15/22
setsebool: SELinux is disabled.
Installing : containerd.io-1.6.6-3.1.el7.x86_64 16/22
Installing : 3:docker-ce-20.10.17-3.el7.x86_64 17/22
Installing : docker-ce-rootless-extras-20.10.17-3.el7.x86_64 18/22
Updating : audit-2.8.5-4.el7.x86_64 19/22
Cleanup : audit-2.8.4-4.el7.x86_64 20/22
Cleanup : policycoreutils-2.5-29.el7_6.1.x86_64 21/22
Cleanup : audit-libs-2.8.4-4.el7.x86_64 22/22
Verifying : docker-ce-rootless-extras-20.10.17-3.el7.x86_64 1/22
Verifying : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 2/22
Verifying : audit-libs-2.8.5-4.el7.x86_64 3/22
Verifying : checkpolicy-2.5-8.el7.x86_64 4/22
Verifying : policycoreutils-2.5-34.el7.x86_64 5/22
Verifying : python-IPy-0.75-6.el7.noarch 6/22
Verifying : policycoreutils-python-2.5-34.el7.x86_64 7/22
Verifying : docker-scan-plugin-0.17.0-3.el7.x86_64 8/22
Verifying : fuse-overlayfs-0.7.2-6.el7_8.x86_64 9/22
Verifying : setools-libs-3.3.8-4.el7.x86_64 10/22
Verifying : fuse3-libs-3.6.1-4.el7.x86_64 11/22
Verifying : audit-2.8.5-4.el7.x86_64 12/22
Verifying : libsemanage-python-2.5-14.el7.x86_64 13/22
Verifying : slirp4netns-0.4.3-4.el7_8.x86_64 14/22
Verifying : 3:docker-ce-20.10.17-3.el7.x86_64 15/22
Verifying : audit-libs-python-2.8.5-4.el7.x86_64 16/22
Verifying : containerd.io-1.6.6-3.1.el7.x86_64 17/22
Verifying : 1:docker-ce-cli-20.10.17-3.el7.x86_64 18/22
Verifying : libcgroup-0.41-21.el7.x86_64 19/22
Verifying : policycoreutils-2.5-29.el7_6.1.x86_64 20/22
Verifying : audit-libs-2.8.4-4.el7.x86_64 21/22
Verifying : audit-2.8.4-4.el7.x86_64 22/22
Installed:
containerd.io.x86_64 0:1.6.6-3.1.el7 docker-ce.x86_64 3:20.10.17-3.el7
docker-ce-cli.x86_64 1:20.10.17-3.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.5-4.el7
checkpolicy.x86_64 0:2.5-8.el7
container-selinux.noarch 2:2.119.2-1.911c772.el7_8
docker-ce-rootless-extras.x86_64 0:20.10.17-3.el7
docker-scan-plugin.x86_64 0:0.17.0-3.el7
fuse-overlayfs.x86_64 0:0.7.2-6.el7_8
fuse3-libs.x86_64 0:3.6.1-4.el7
libcgroup.x86_64 0:0.41-21.el7
libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-34.el7
python-IPy.noarch 0:0.75-6.el7
setools-libs.x86_64 0:3.3.8-4.el7
slirp4netns.x86_64 0:0.4.3-4.el7_8
Dependency Updated:
audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7
policycoreutils.x86_64 0:2.5-34.el7
Complete!
9、 #启动 Docker
[root@iZwz95f5dll51l4nwqpoklZ ~]# systemctl start docker
10、测试命令
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker version #查看docker版本
Client: Docker Engine - Community
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:05:12 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:03:33 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:13e367d31ae85359f42d637adf6da428f76d75dc9afeb3c21faea0d976f5c651
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 9 months ago 13.3kB
11、配置镜像加速器
[root@iZwz95f5dll51l4nwqpoklZ ~]# vim /etc/docker/daemon.json
[root@iZwz95f5dll51l4nwqpoklZ ~]# sudo systemctl daemon-reload
[root@iZwz95f5dll51l4nwqpoklZ ~]# sudo systemctl restart docker
[root@iZwz95f5dll51l4nwqpoklZ ~]# sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2022-07-12 15:10:22 CST; 10s ago
Docs: https://docs.docker.com
Main PID: 2104 (dockerd)
Tasks: 7
Memory: 33.6M
CGroup: /system.slice/docker.service
└─2104 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd...
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.5...c
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.5...c
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.5..."
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.5..."
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.6..."
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.7..."
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.7...7
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.7..."
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ systemd[1]: Started Docker Application Con....
Jul 12 15:10:22 iZwz95f5dll51l4nwqpoklZ dockerd[2104]: time="2022-07-12T15:10:22.7..."
Hint: Some lines were ellipsized, use -l to show in full.
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
工作模式
地址:https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/ How nodes work
Estimated reading time: 2 minutes
Docker Engine 1.12 introduces swarm mode that enables you to create a cluster of one or more Docker Engines called a swarm. A swarm consists of one or more nodes: physical or virtual machines running Docker Engine 1.12 or later in swarm mode.
There are two types of nodes: managers and workers.
Swarm mode cluster
If you haven’t already, read through the swarm mode overview and key concepts.
搭建集群
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
096e17ddbe96 bridge bridge local
b47358c003f8 host host local
43864ceb4b88 none null local
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker swarm --help
Usage: docker swarm COMMAND
Manage Swarm
Commands:
ca Display and rotate the root CA
init Initialize a swarm
join Join a swarm as a node and/or manager
join-token Manage join tokens
leave Leave the swarm
unlock Unlock swarm
unlock-key Manage the unlock key
update Update the swarm
Run 'docker swarm COMMAND --help' for more information on a command.
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker swarm init --help
Usage: docker swarm init [OPTIONS]
Initialize a swarm
Options:
--advertise-addr string Advertised address (format:
<ip|interface>[:port])
--autolock Enable manager autolocking
(requiring an unlock key to
start a stopped manager)
--availability string Availability of the node
("active"|"pause"|"drain")
(default "active")
--cert-expiry duration Validity period for node
certificates (ns|us|ms|s|m|h)
(default 2160h0m0s)
--data-path-addr string Address or interface to use for
data path traffic (format:
<ip|interface>)
--data-path-port uint32 Port number to use for data path
traffic (1024 - 49151). If no
value is set or is set to 0, the
default port (4789) is used.
--default-addr-pool ipNetSlice default address pool in CIDR
format (default [])
--default-addr-pool-mask-length uint32 default address pool subnet mask
length (default 24)
--dispatcher-heartbeat duration Dispatcher heartbeat period
(ns|us|ms|s|m|h) (default 5s)
--external-ca external-ca Specifications of one or more
certificate signing endpoints
--force-new-cluster Force create a new cluster from
current state
--listen-addr node-addr Listen address (format:
<ip|interface>[:port]) (default
0.0.0.0:2377)
--max-snapshots uint Number of additional Raft
snapshots to retain
--snapshot-interval uint Number of log entries between
Raft snapshots (default 10000)
--task-history-limit int Task history retention limit
(default 5)
[root@iZwz95f5dll51l4nwqpoklZ ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:10:29:ef brd ff:ff:ff:ff:ff:ff
inet 172.27.47.238/20 brd 172.27.47.255 scope global dynamic eth0
valid_lft 315356501sec preferred_lft 315356501sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:d7:36:13:b1 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
初始化结点 docker swarm init
docker swarm join 加入一个节点!
# 获取令牌
docker swarm join-token worker
docker swarm join-token manager
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker swarm init --advertise-addr 172.27.47.238
Swarm initialized: current node (lpz0pcqzz4nebrx1n1nv70k30) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-43e276wfu19r1du7huetimxf4jqfbzte3scyth32lsvopsqn6n-2iz2xp92yc5xhuuve0azs2wzg 172.27.47.238:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-43e276wfu19r1du7huetimxf4jqfbzte3scyth32lsvopsqn6n-2iz2xp92yc5xhuuve0azs2wzg 172.27.47.238:2377
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-43e276wfu19r1du7huetimxf4jqfbzte3scyth32lsvopsqn6n-e68pj1rchb8fzx8mbahibomjg 172.27.47.238:2377
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
lpz0pcqzz4nebrx1n1nv70k30 * iZwz95f5dll51l4nwqpoklZ Ready Active Leader 20.10.17
i0u681w4fc52t0y3cl5476mgk iZwz95f5dll51l4nwqpokmZ Ready Active 20.10.17
euc2lpioze5ttkgnh2q7n8m0f iZwz95f5dll51l4nwqpoknZ Ready Active 20.10.17
35lb3gt0iy3kqikufrk1vzynp iZwz95f5dll51l4nwqpokoZ Ready Active Reachable 20.10.17
步骤:
1、生成主节点init
2、加入(管理者、worker)
Raft 协议
双主双从:假设一个节点挂了!其他节点是否可以用!
Raft协议:保证大多数节点存活才可以使用。只要>1,集群至少大于>3台!
实验:
1、将docker1机器停止。宕机!双主,另外一个主节点也不能使用了!
2、可以将其他节点离开
命令:
[root@iZwz95f5dll51l4nwqpoklZ ~]# docker swarm leave --force
3、work 就是工作、管理节点操作!3台机器设置为管理节点。
十分简单:集群,可用!3个主节点。>1台管理节点存活!
Raft协议:保证大多数节点,才可以使用,高可用!
体会
弹性、扩缩容!集群!以后告别docker run!
docker-compose up!启动一个项目,单机!
集群:swarm、docker service
容器=>服务!
容器=>!=>副本!
redis 服务=>10个副本!(同时开启10个redis容器)
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service --help
Usage: docker service COMMAND
Manage services
Commands:
create Create a new service
inspect Display detailed information on one or more services
logs Fetch the logs of a service or task
ls List services
ps List the tasks of one or more services
rm Remove one or more services
rollback Revert changes to a service's configuration
scale Scale one or multiple replicated services
update Update a service
Run 'docker service COMMAND --help' for more information on a command.
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service create --help
Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]
Create a new service
Options:
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--config config Specify configurations to expose to the service
--constraint list Placement constraints
--container-label list Container labels
--credential-spec credential-spec Credential spec for managed service
account (Windows only)
-d, --detach Exit immediately instead of waiting for
the service to converge
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--endpoint-mode string Endpoint mode (vip or dnsrr) (default "vip")
--entrypoint command Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--generic-resource list User defined resources
--group list Set one or more supplementary user groups
for the container
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to
initialize before counting retries towards
unstable (ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run
(ms|s|m|h)
--host list Set one or more custom host-to-IP mappings
(host:ip)
--hostname string Container hostname
--init Use an init inside each service container
to forward signals and reap processes
--isolation string Service container isolation mode
-l, --label list Service labels
--limit-cpu decimal Limit CPUs
--limit-memory bytes Limit Memory
--limit-pids int Limit maximum number of processes (default
0 = unlimited)
--log-driver string Logging driver for service
--log-opt list Logging driver options
--max-concurrent uint Number of job tasks to run concurrently
(default equal to --replicas)
--mode string Service mode (replicated, global,
replicated-job, or global-job) (default
"replicated")
--mount mount Attach a filesystem mount to the service
--name string Service name
--network network Network attachments
--no-healthcheck Disable any container-specified HEALTHCHECK
--no-resolve-image Do not query the registry to resolve image
digest and supported platforms
--placement-pref pref Add a placement preference
-p, --publish port Publish a port as a node port
-q, --quiet Suppress progress output
--read-only Mount the container's root filesystem as
read only
--replicas uint Number of tasks
--replicas-max-per-node uint Maximum number of tasks per node (default
0 = unlimited)
--reserve-cpu decimal Reserve CPUs
--reserve-memory bytes Reserve Memory
--restart-condition string Restart when condition is met
("none"|"on-failure"|"any") (default "any")
--restart-delay duration Delay between restart attempts
(ns|us|ms|s|m|h) (default 5s)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy
(ns|us|ms|s|m|h)
--rollback-delay duration Delay between task rollbacks
(ns|us|ms|s|m|h) (default 0s)
--rollback-failure-action string Action on rollback failure
("pause"|"continue") (default "pause")
--rollback-max-failure-ratio float Failure rate to tolerate during a rollback
(default 0)
--rollback-monitor duration Duration after each task rollback to
monitor for failure (ns|us|ms|s|m|h)
(default 5s)
--rollback-order string Rollback order
("start-first"|"stop-first") (default
"stop-first")
--rollback-parallelism uint Maximum number of tasks rolled back
simultaneously (0 to roll back all at
once) (default 1)
--secret secret Specify secrets to expose to the service
--stop-grace-period duration Time to wait before force killing a
container (ns|us|ms|s|m|h) (default 10s)
--stop-signal string Signal to stop the container
--sysctl list Sysctl options
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
--update-delay duration Delay between updates (ns|us|ms|s|m|h)
(default 0s)
--update-failure-action string Action on update failure
("pause"|"continue"|"rollback") (default
"pause")
--update-max-failure-ratio float Failure rate to tolerate during an update
(default 0)
--update-monitor duration Duration after each task update to monitor
for failure (ns|us|ms|s|m|h) (default 5s)
--update-order string Update order ("start-first"|"stop-first")
(default "stop-first")
--update-parallelism uint Maximum number of tasks updated
simultaneously (0 to update all at once)
(default 1)
-u, --user string Username or UID (format:
<name|uid>[:<group|gid>])
--with-registry-auth Send registry authentication details to
swarm agents
-w, --workdir string Working directory inside the container
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service create -p 8888:80 --name nginx001 nginx
g6v7sp4aws8nng5oni46mg6r8
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
1、docker run 容器启动!不具有扩缩容器
2、docker service 服务!具有扩缩容器,滚动更新!
查看服务
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service ps nginx001
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
wt1r51xchqo6 nginx001.1 nginx:latest iZwz95f5dll51l4nwqpokoZ Running Running 2 minutes ago
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
g6v7sp4aws8n nginx001 replicated 1/1 nginx:latest *:8888->80/tcp
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service inspect nginx001
[
{
"ID": "g6v7sp4aws8nng5oni46mg6r8",
"Version": {
"Index": 54
},
"CreatedAt": "2022-07-12T08:27:14.927425746Z",
"UpdatedAt": "2022-07-12T08:27:14.929733589Z",
"Spec": {
"Name": "nginx001",
"Labels": {},
"TaskTemplate": {
"ContainerSpec": {
"Image": "nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31",
"Init": false,
"StopGracePeriod": 10000000000,
"DNSConfig": {},
"Isolation": "default"
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "any",
"Delay": 5000000000,
"MaxAttempts": 0
},
"Placement": {
"Platforms": [
{
"Architecture": "amd64",
"OS": "linux"
},
{
"OS": "linux"
},
{
"OS": "linux"
},
{
"Architecture": "arm64",
"OS": "linux"
},
{
"Architecture": "386",
"OS": "linux"
},
{
"Architecture": "mips64le",
"OS": "linux"
},
{
"Architecture": "ppc64le",
"OS": "linux"
},
{
"Architecture": "s390x",
"OS": "linux"
}
]
},
"ForceUpdate": 0,
"Runtime": "container"
},
"Mode": {
"Replicated": {
"Replicas": 1
}
},
"UpdateConfig": {
"Parallelism": 1,
"FailureAction": "pause",
"Monitor": 5000000000,
"MaxFailureRatio": 0,
"Order": "stop-first"
},
"RollbackConfig": {
"Parallelism": 1,
"FailureAction": "pause",
"Monitor": 5000000000,
"MaxFailureRatio": 0,
"Order": "stop-first"
},
"EndpointSpec": {
"Mode": "vip",
"Ports": [
{
"Protocol": "tcp",
"TargetPort": 80,
"PublishedPort": 8888,
"PublishMode": "ingress"
}
]
}
},
"Endpoint": {
"Spec": {
"Mode": "vip",
"Ports": [
{
"Protocol": "tcp",
"TargetPort": 80,
"PublishedPort": 8888,
"PublishMode": "ingress"
}
]
},
"Ports": [
{
"Protocol": "tcp",
"TargetPort": 80,
"PublishedPort": 8888,
"PublishMode": "ingress"
}
],
"VirtualIPs": [
{
"NetworkID": "rrn2vos2uzrib0d9szximcl0e",
"Addr": "10.0.0.8/24"
}
]
}
}
]
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7009cf02504 nginx:latest "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp nginx001.1.wt1r51xchqo6gq7mxq86zarem
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
g6v7sp4aws8n nginx001 replicated 1/1 nginx:latest *:8888->80/tcp
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service update --help
Usage: docker service update [OPTIONS] SERVICE
Update a service
Options:
--args command Service command args
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--config-add config Add or update a config file on a service
--config-rm list Remove a configuration file
--constraint-add list Add or update a placement constraint
--constraint-rm list Remove a constraint
--container-label-add list Add or update a container label
--container-label-rm list Remove a container label by its key
--credential-spec credential-spec Credential spec for managed service
account (Windows only)
-d, --detach Exit immediately instead of waiting for
the service to converge
--dns-add list Add or update a custom DNS server
--dns-option-add list Add or update a DNS option
--dns-option-rm list Remove a DNS option
--dns-rm list Remove a custom DNS server
--dns-search-add list Add or update a custom DNS search domain
--dns-search-rm list Remove a DNS search domain
--endpoint-mode string Endpoint mode (vip or dnsrr)
--entrypoint command Overwrite the default ENTRYPOINT of the image
--env-add list Add or update an environment variable
--env-rm list Remove an environment variable
--force Force update even if no changes require it
--generic-resource-add list Add a Generic resource
--generic-resource-rm list Remove a Generic resource
--group-add list Add an additional supplementary user group
to the container
--group-rm list Remove a previously added supplementary
user group from the container
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to
initialize before counting retries towards
unstable (ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run
(ms|s|m|h)
--host-add list Add a custom host-to-IP mapping (host:ip)
--host-rm list Remove a custom host-to-IP mapping (host:ip)
--hostname string Container hostname
--image string Service image tag
--init Use an init inside each service container
to forward signals and reap processes
--isolation string Service container isolation mode
--label-add list Add or update a service label
--label-rm list Remove a label by its key
--limit-cpu decimal Limit CPUs
--limit-memory bytes Limit Memory
--limit-pids int Limit maximum number of processes (default
0 = unlimited)
--log-driver string Logging driver for service
--log-opt list Logging driver options
--max-concurrent uint Number of job tasks to run concurrently
(default equal to --replicas)
--mount-add mount Add or update a mount on a service
--mount-rm list Remove a mount by its target path
--network-add network Add a network
--network-rm list Remove a network
--no-healthcheck Disable any container-specified HEALTHCHECK
--no-resolve-image Do not query the registry to resolve image
digest and supported platforms
--placement-pref-add pref Add a placement preference
--placement-pref-rm pref Remove a placement preference
--publish-add port Add or update a published port
--publish-rm port Remove a published port by its target port
-q, --quiet Suppress progress output
--read-only Mount the container's root filesystem as
read only
--replicas uint Number of tasks
--replicas-max-per-node uint Maximum number of tasks per node (default
0 = unlimited)
--reserve-cpu decimal Reserve CPUs
--reserve-memory bytes Reserve Memory
--restart-condition string Restart when condition is met
("none"|"on-failure"|"any")
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy
(ns|us|ms|s|m|h)
--rollback Rollback to previous specification
--rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h)
--rollback-failure-action string Action on rollback failure ("pause"|"continue")
--rollback-max-failure-ratio float Failure rate to tolerate during a rollback
--rollback-monitor duration Duration after each task rollback to
monitor for failure (ns|us|ms|s|m|h)
--rollback-order string Rollback order ("start-first"|"stop-first")
--rollback-parallelism uint Maximum number of tasks rolled back
simultaneously (0 to roll back all at once)
--secret-add secret Add or update a secret on a service
--secret-rm list Remove a secret
--stop-grace-period duration Time to wait before force killing a
container (ns|us|ms|s|m|h)
--stop-signal string Signal to stop the container
--sysctl-add list Add or update a Sysctl option
--sysctl-rm list Remove a Sysctl option
-t, --tty Allocate a pseudo-TTY
--ulimit-add ulimit Add or update a ulimit option (default [])
--ulimit-rm list Remove a ulimit option
--update-delay duration Delay between updates (ns|us|ms|s|m|h)
--update-failure-action string Action on update failure
("pause"|"continue"|"rollback")
--update-max-failure-ratio float Failure rate to tolerate during an update
--update-monitor duration Duration after each task update to monitor
for failure (ns|us|ms|s|m|h)
--update-order string Update order ("start-first"|"stop-first")
--update-parallelism uint Maximum number of tasks updated
simultaneously (0 to update all at once)
-u, --user string Username or UID (format:
<name|uid>[:<group|gid>])
--with-registry-auth Send registry authentication details to
swarm agents
-w, --workdir string Working directory inside the container
动态扩缩容
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service update --replicas 3 nginx001
nginx001
overall progress: 3 out of 3 tasks
1/3: running
2/3: running
3/3: running
verify: Service converged
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
g6v7sp4aws8n nginx001 replicated 3/3 nginx:latest *:8888->80/tcp
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7009cf02504 nginx:latest "/docker-entrypoint.…" 13 minutes ago Up 13 minutes 80/tcp nginx001.1.wt1r51xchqo6gq7mxq86zarem
服务,集群中任意的节点可以访问,服务可以有多个副本动态扩缩容实现高可用
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service scale --help
Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...]
Scale one or multiple replicated services
Options:
-d, --detach Exit immediately instead of waiting for the service to converge
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service scale nginx001=5
nginx001 scaled to 5
overall progress: 5 out of 5 tasks
1/5: running
2/5: running
3/5: running
4/5: running
5/5: running
verify: Service converged
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service scale nginx001=3
nginx001 scaled to 3
overall progress: 3 out of 3 tasks
1/3: running
2/3: running
3/3: running
verify: Service converged
移除服务
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service --help
Usage: docker service COMMAND
Manage services
Commands:
create Create a new service
inspect Display detailed information on one or more services
logs Fetch the logs of a service or task
ls List services
ps List the tasks of one or more services
rm Remove one or more services
rollback Revert changes to a service's configuration
scale Scale one or multiple replicated services
update Update a service
Run 'docker service COMMAND --help' for more information on a command.
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service rm nginx001
nginx001
[root@iZwz95f5dll51l4nwqpokoZ ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
概念总结
swarm
集群的管理和编号。docker可以初始化一个 swarm 集群,其他节点可以加入。(管理、工作者)
node
就是一个docker节点,多个节点就组成了一个网络集群。
service
任务,可以在管理节点或者工作节点来运行。核心!用户访问!
task
容器内的命令,细节任务!
二、Docker Stack
docker-compose 单机部署项目!
docker-compose up -d wordpress.yaml
Docker Stack 部署,集群部署!
docker stack deloy wordpress.yaml
[root@docker ~]# docker stack --help
Usage: docker stack [OPTIONS] COMMAND
Manage Docker stacks
Options:
--orchestrator string Orchestrator to use (swarm|kubernetes|all)
Commands:
deploy Deploy a new stack or update an existing stack
ls List stacks
ps List the tasks in the stack
rm Remove one or more stacks
services List the services in the stack
Run 'docker stack COMMAND --help' for more information on a command.
搜索docker stack 案例进行练习!
三、Docker Secret
安全,配置密码,证书!
[root@docker ~]# docker secret --help
Usage: docker secret COMMAND
Manage Docker secrets
Commands:
create Create a secret from a file or STDIN as content
inspect Display detailed information on one or more secrets
ls List secrets
rm Remove one or more secrets
Run 'docker secret COMMAND --help' for more information on a command.
四、Docker Config
配置
[root@docker ~]# docker secret --help
Usage: docker secret COMMAND
Manage Docker secrets
Commands:
create Create a secret from a file or STDIN as content
inspect Display detailed information on one or more secrets
ls List secrets
rm Remove one or more secrets
Run 'docker secret COMMAND --help' for more information on a command.
[root@docker ~]# docker config --help
Usage: docker config COMMAND
Manage Docker configs
Commands:
create Create a config from a file or STDIN
inspect Display detailed information on one or more configs
ls List configs
rm Remove one or more configs
Run 'docker config COMMAND --help' for more information on a command.
总结
以上就是今天要讲的内容,本文仅仅通过简单Docker swarm
来巩固之前所学的常用指令。好了今天的内容就到这里了,下一篇再见