Docker Swarm
Latest revision as of 22:06, 3 April 2021
https://github.com/sematext/cheatsheets/blob/master/docker-swarm-cheatsheet.md

https://docs.docker.com/engine/swarm/stack-deploy/

List all containers over swarm
```
docker node ps $(docker node ls -q)
```

Python SDK
- https://docker-py.readthedocs.io/en/stable/swarm.html
- https://docker-py.readthedocs.io/en/1.10.0/swarm/
Ports - https://www.digitalocean.com/community/tutorials/how-to-configure-the-linux-firewall-for-docker-swarm-on-ubuntu-16-04
```
TCP port 2376 for secure Docker client communication. This port is required for Docker Machine to work. Docker Machine is used to orchestrate Docker hosts.
TCP port 2377. This port is used for communication between the nodes of a Docker Swarm or cluster. It only needs to be opened on manager nodes.
TCP and UDP port 7946 for communication among nodes (container network discovery).
UDP port 4789 for overlay network traffic (container ingress networking).
ufw allow 22/tcp
ufw allow 2376/tcp
ufw allow 2377/tcp
ufw allow 7946/tcp
ufw allow 7946/udp
ufw allow 4789/udp
```
Cheatsheet
```
CLI Commands
Swarm Management
docker swarm init --advertise-addr <ip>                      # Set up master
docker swarm init --force-new-cluster --advertise-addr <ip>  # Force manager on broken cluster

docker swarm init --autolock                                 # Enable auto lock

docker swarm join-token worker                               # Get token to join workers
docker swarm join-token manager                              # Get token to join new manager

docker swarm join <server> worker                            # Join host as a worker

docker swarm leave

docker swarm unlock                                          # Unlock a manager host after docker
                                                             # daemon restart when autolock is on

docker swarm unlock-key                                      # Print key needed for 'unlock'
Handling nodes
docker node ls                                               # Print swarm node list
docker node rm <node id>
docker node inspect --pretty <node id>

docker node promote <node id>                                # Promote node to manager
docker node demote <node id>
Labelling nodes
docker node update --label-add <key>=<value> <node>          # Add label
docker node update --label-rm <key> <node>                   # Remove label
docker node inspect <node> | grep Labels -C5                 # List labels
Rebalancing
Forced rebalance (dangerous)

for svc in $(docker service ls -q) ; do docker service update $svc --force ; done
Draining a node

docker node update --availability drain <node id>
Undrain

docker node update --availability active <node id>
Managing Services
docker stack ls
docker stack rm <name>

docker service create <image>
docker service create --name <name> --replicas <number of replicas> <image>
docker service scale <name>=<number of replicas>
docker service rm <service id|name>
docker service ls                                            # list all services
docker service ps <service id|name>                          # list all tasks for given service (includes shutdown/failed)
docker service ps --filter desired-state=running <service id|name>  # list running (active) tasks for given service

docker service logs --follow <service id|name>
```
Enable tls - https://docs.docker.com/engine/security/protect-access/
```
#!/usr/bin/env bash
set -e
# https://docs.docker.com/engine/security/protect-access/
HOST=d3.uvoo.io
ipaddr=$(dig +short "$HOST")

# CA key (passphrase-protected) and self-signed CA certificate; the docs' CA step,
# which the script needs before it can sign with ca.pem below (prompts for the CA subject)
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

# Server key and certificate signing request, CN = the name clients will connect to
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

# SANs must cover every name/address a client may dial; extendedKeyUsage restricts
# the certificate to server use ('>' on the first line so re-runs do not accumulate entries)
echo subjectAltName = DNS:$HOST,IP:$ipaddr,IP:127.0.0.1 > extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf

# Sign the server certificate with the CA
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf
```