Docker ------ Swarm 初探

Docker-Swarm 初探

作者：elfin  资料来源：遇见狂神说

目录

• 1、环境准备
  • 1.1 购买实例
  • 1.2 连接服务器
    • 1.2.1 连接4台服务器
    • 1.2.2 安装docker
• 2、工作模式
• 3、集群搭建
  • 3.1 查看当前的docker环境
  • 3.2 查看docker swarm的命令
  • 3.3 查看docker swarm init的命令
  • 3.4 创建主节点
  • 3.5 从节点加入主节点
  • 3.6 创建其他manager节点
  • 3.7 集群的leave
  • 3.8 生成三个manager
  • 3.9 小节
• 4、集群应用部署
  • 4.1 创建服务
    • 4.1.1 查看服务docker service的基本命令
    • 4.1.2 查看创建服务的命令
    • 4.1.3 创建一个服务
  • 4.2 查看我们的服务
  • 4.3更新服务
  • 4.4 更新2
  • 4.5 删除服务

---

Swarm官方教程

1、环境准备

Docker Swarm是docker三剑客之一，Swarm 是 Docker 原生的集群搭建项目，同时也是最简单，最易学，最节省资源的，比较适合中小型公司使用。更多性能介绍可以参考纯洁的微笑。简易学习教程可以参考菜鸟教程。

Swarm本身很简单，但是在学习集群的过程中，你怎么能可以几台机子用于测试呢，伪分布式？额，算了吧，阿里云4台机子0.8元/h，难道不香吗？

1.1 购买实例

这里我们在阿里云上购买4台机子用于说明，选择按量付费模式，用后及时销毁，毕竟家境贫寒！下面介绍操作步骤，阿里云界面可能会调整，但是大差不差，步骤总是问题不大。

服务器购买页面：

A(百度：阿里云，进入官网) --> B(登录并进入控制台) --> C(左侧侧边栏：云服务器ECS) --> D(我的资源：创建实例或创建我的ECS)；

购买需要的服务器：

A(创建我的ECS) --> B(按量付费、选择离你近的区域、分类：共享型1核2G、4台、选择镜像：centos7) --> C(进入下一步，调整带宽，其他默认即可，下一步) --> D(自定义密码、自定义实例名，下一步) --> E(下一步确认订单：确认好基本信息即可购买)

1.2 连接服务器

1.2.1 连接4台服务器

使用xshell连接你刚刚购买的服务器，恰好，xshell免费版的支持四个窗口，对于家境贫寒的我们简直不要太耐撕。

在终端内右键选择将命令输入到其他窗口！这里是为了统一安装环境，总不能咱一个个安装吧！

检查每个服务器都安装好了，下面进入docker安装环节…

1.2.2 安装docker

docker的安装可参考官方教程。

安装步骤：

1. 确保环境是centos7及以上版本，这里买服务器时就选择了！

2. yum安装gcc相关环境，需要确保虚拟机可以上外网

   $ yum -y install gcc
   $ yum -y install gcc-c++
   

3. 卸载旧版本

   $ sudo yum remove docker \
                     docker-client \
                     docker-client-latest \
                     docker-common \
                     docker-latest \
                     docker-latest-logrotate \
                     docker-logrotate \
                     docker-engine
   

4. 安装依赖、设置镜像仓库

   $ sudo yum install -y yum-utils
   
   $ sudo yum-config-manager \
       --add-repo \
       https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
   

5. 更新yum软件包索引

   $ yum makecache fast
   

6. 安装Docker-ce

   $ sudo yum install docker-ce docker-ce-cli containerd.io
   

7. 启动Docker

   $ systemctl start docker
   

8. 测试命令

   $ docker version
   $ docker run hello-world
   $ docker images
   

9. 配置镜像加速

   $ sudo mkdir -p /etc/docker
   $ sudo tee /etc/docker/daemon.json <<-'EOF'
   {
   	"registry-mirrors": ["https://qiyb9988.mirror.aliyuncs.com"]
   }
   EOF
   
   $ sudo systemctl daemon-reload
   $ sudo systemctl restart docker
   

   这里注意json文件格式的正确，直接复制会出错！

Top - Bottom

---

2、工作模式

官方的工作模式介绍

Docker Engine 1.12引入了swarm模式，使您能够创建一个由一个或多个Docker引擎组成的集群，称为swarm。swarm由一个或多个节点组成：在swarm模式下运行Docker Engine 1.12或更高版本的物理或虚拟机。

有两种类型的节点：managers和workers。

worker是不能操作managers的！主节点不能只有一个，也不能使用两个！至少使用3个。

---

3、集群搭建

3.1 查看当前的docker环境

[root@iZ2vcf0atudng87wzoeelcZ ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
f555f5076970   bridge    bridge    local
cf030c9a10db   host      host      local
f6484ff6e7c6   none      null      local

3.2 查看docker swarm的命令

[root@iZ2vcf0atudng87wzoeelcZ ~]# docker swarm --help

Usage:  docker swarm COMMAND

Manage Swarm

Commands:
  ca          Display and rotate the root CA
  init        Initialize a swarm
  join        Join a swarm as a node and/or manager
  join-token  Manage join tokens
  leave       Leave the swarm
  unlock      Unlock swarm
  unlock-key  Manage the unlock key
  update      Update the swarm

Run 'docker swarm COMMAND --help' for more information on a command.

3.3 查看docker swarm init的命令

[root@iZ2vcf0atudng87wzoeelcZ ~]# docker swarm init --help

Usage:  docker swarm init [OPTIONS]

Initialize a swarm

Options:
      --advertise-addr string                  Advertised address (format: <ip|interface>[:port])
      --autolock                               Enable manager autolocking (requiring an unlock key to start a stopped manager)
      --availability string                    Availability of the node ("active"|"pause"|"drain") (default "active")
      --cert-expiry duration                   Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
      --data-path-addr string                  Address or interface to use for data path traffic (format: <ip|interface>)
      --data-path-port uint32                  Port number to use for data path traffic (1024 - 49151). If no value is set
                                               or is set to 0, the default port (4789) is used.
      --default-addr-pool ipNetSlice           default address pool in CIDR format (default [])
      --default-addr-pool-mask-length uint32   default address pool subnet mask length (default 24)
      --dispatcher-heartbeat duration          Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
      --external-ca external-ca                Specifications of one or more certificate signing endpoints
      --force-new-cluster                      Force create a new cluster from current state
      --listen-addr node-addr                  Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
      --max-snapshots uint                     Number of additional Raft snapshots to retain
      --snapshot-interval uint                 Number of log entries between Raft snapshots (default 10000)
      --task-history-limit int                 Task history retention limit (default 5)

--advertise-addr 必须要配置！

查看服务器elfin04的地址(内网)：

[root@iZ2vcf0atudng87wzoeelcZ ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:16:3e:01:51:0d brd ff:ff:ff:ff:ff:ff
    inet 172.28.58.219/20 brd 172.28.63.255 scope global dynamic eth0
       valid_lft 315358385sec preferred_lft 315358385sec
    inet6 fe80::216:3eff:fe01:510d/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:de:7a:76:d8 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

当前服务器的地址为172.28.58.219

3.4 创建主节点

[root@iZ2vcf0atudng87wzoeelcZ ~]# docker swarm init --advertise-addr 172.28.58.219
Swarm initialized: current node (xron1grqswlita8xrcwr2d3y5) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-9jl64hbbhul3th0b6jjf6ikji 172.28.58.219:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

上面的信息表明，当前节点是一个manager节点，添加工作节点的命令为：docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-9jl64hbbhul3th0b6jjf6ikji 172.28.58.219:2377，注意这里的token相当于认证！最后一行说明了如何添加管理节点。

3.5 从节点加入主节点

在3.4中创建主节点时生成了两个令牌：

# 将其他服务器直接加入当前的主节点
docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-9jl64hbbhul3th0b6jjf6ikji 172.28.58.219:2377
# 生成其他主节点的令牌命令(在当前主节点生成后复制到其他服务器使用)
docker swarm join-token manager
# 生成其他从节点的命令
docker swarm join-token worker

现在让elfin03加入elfin04这个主节点

[root@iZ2vcf0atudng87wzoeelbZ ~]# docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-9jl64hbbhul3th0b6jjf6ikji 172.28.58.219:2377
This node joined a swarm as a worker.

现在elfin03通过上面的命令加入了主节点！

查看当前的节点信息：

# elfin04主节点中执行
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Ready     Active                          20.10.0
xron1grqswlita8xrcwr2d3y5 *   iZ2vcf0atudng87wzoeelcZ   Ready     Active         Leader           20.10.0

可以发现有两个节点，Leader即为我们的elfin04主节点(观察HOSTNAME)！

生成其他worker加入的令牌：

docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-9jl64hbbhul3th0b6jjf6ikji 172.28.58.219:2377

当前的令牌和init时生成的是一样的！

让elfin02加入elfin04主节点

# 在elfin02中执行
[root@iZ2vcf0atudng87wzoeelaZ ~]# docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-9jl64hbbhul3th0b6jjf6ikji 172.28.58.219:2377
This node joined a swarm as a worker.

# 在elfin04中执行
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
flxmp7ppfmd6vadxn8q6hx0ch     iZ2vcf0atudng87wzoeelaZ   Ready     Active                          20.10.0
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Ready     Active                          20.10.0
xron1grqswlita8xrcwr2d3y5 *   iZ2vcf0atudng87wzoeelcZ   Ready     Active         Leader           20.10.0

iZ2vcf0atudng87wzoeelaZ表明elfin02加入了集群！

3.6 创建其他manager节点

# 在elfin04中执行
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-32usnk3wlcpe9jn3nylwngd35 172.28.58.219:2377

将elfin01加入elfin04所在集群，且作为一个主节点：

# 在elfin01中执行
[root@iZ2vcf0atudng87wzoeel9Z ~]# docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-32usnk3wlcpe9jn3nylwngd35 172.28.58.219:2377
This node joined a swarm as a manager.
[root@iZ2vcf0atudng87wzoeel9Z ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
s7negfbauav9sgwsgggr1vj75 *   iZ2vcf0atudng87wzoeel9Z   Ready     Active         Reachable        20.10.0
flxmp7ppfmd6vadxn8q6hx0ch     iZ2vcf0atudng87wzoeelaZ   Ready     Active                          20.10.0
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Ready     Active                          20.10.0
xron1grqswlita8xrcwr2d3y5     iZ2vcf0atudng87wzoeelcZ   Ready     Active         Leader           20.10.0

注意，docker node ls要在主节点中执行，而 elfin01 也是主节点，但是我们观察到TD后面有星号，manager status也是Reachable！星号标识了当前处于哪个主节点，Leader你可以理解为管理节点中的大哥，如果大哥挂了，其他主节点会顺位成为大哥，嗯，整的像黑社会似的。

3.7 集群的leave

---

实验

停止elfin04中的docker，在elfin01中测试docker node ls

# elfin04
[root@iZ2vcf0atudng87wzoeelcZ ~]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
  docker.socket
  
# elfin01
[root@iZ2vcf0atudng87wzoeel9Z ~]# docker node ls
Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It's possible that too few managers are online. Make sure more than half of the managers are online.

上面的结果说明现在集群没有Leader了，这是为什么呢，elfin01不是应该上位吗？这里要注意要满足Raft协议。

恢复elfin04查看变化

# elfin04
[root@iZ2vcf0atudng87wzoeelcZ ~]# systemctl start docker
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
s7negfbauav9sgwsgggr1vj75     iZ2vcf0atudng87wzoeel9Z   Ready     Active         Leader           20.10.0
flxmp7ppfmd6vadxn8q6hx0ch     iZ2vcf0atudng87wzoeelaZ   Ready     Active                          20.10.0
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Ready     Active                          20.10.0
xron1grqswlita8xrcwr2d3y5 *   iZ2vcf0atudng87wzoeelcZ   Ready     Active         Reachable        20.10.0

现在您可以发现elfin04进去集群了，但是它已经不当大哥好多年！变成Reachable的管理节点了。

现在让elfin03离开集群

[root@iZ2vcf0atudng87wzoeelbZ ~]# docker swarm leave
Node left the swarm.

# elfin04
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
s7negfbauav9sgwsgggr1vj75     iZ2vcf0atudng87wzoeel9Z   Ready     Active         Leader           20.10.0
flxmp7ppfmd6vadxn8q6hx0ch     iZ2vcf0atudng87wzoeelaZ   Ready     Active                          20.10.0
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Down      Active                          20.10.0
xron1grqswlita8xrcwr2d3y5 *   iZ2vcf0atudng87wzoeelcZ   Ready     Active         Reachable        20.10.0

可以看见status变为Down了！

3.8 生成三个manager

# elfin04
[root@iZ2vcf0atudng87wzoeelcZ ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-32usnk3wlcpe9jn3nylwngd35 172.28.58.219:2377

# elfin03
[root@iZ2vcf0atudng87wzoeelbZ ~]# docker swarm join --token SWMTKN-1-4gb44r3ekdejhtdp0fzc1o3dqdplrobqnjgaojtaghgpdaqjkx-32usnk3wlcpe9jn3nylwngd35 172.28.58.219:2377
This node joined a swarm as a manager.
[root@iZ2vcf0atudng87wzoeelbZ ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
s7negfbauav9sgwsgggr1vj75     iZ2vcf0atudng87wzoeel9Z   Ready     Active         Leader           20.10.0
flxmp7ppfmd6vadxn8q6hx0ch     iZ2vcf0atudng87wzoeelaZ   Ready     Active                          20.10.0
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Down      Active                          20.10.0
u44zzj5jetxxetkblnx75qr82 *   iZ2vcf0atudng87wzoeelbZ   Ready     Active         Reachable        20.10.0
xron1grqswlita8xrcwr2d3y5     iZ2vcf0atudng87wzoeelcZ   Ready     Active         Reachable        20.10.0
# 当前有三个主节点了！显示elfin03 Down了我们不用管……

注意：此时我停止Leader，在其他主节点使用docker node ls，效果如下：

[root@iZ2vcf0atudng87wzoeelbZ ~]# docker node ls
ID                            HOSTNAME                  STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
s7negfbauav9sgwsgggr1vj75     iZ2vcf0atudng87wzoeel9Z   Down      Active         Unreachable      20.10.0
flxmp7ppfmd6vadxn8q6hx0ch     iZ2vcf0atudng87wzoeelaZ   Ready     Active                          20.10.0
llqvxni8acep3zx2s93s6kexx     iZ2vcf0atudng87wzoeelbZ   Down      Active                          20.10.0
u44zzj5jetxxetkblnx75qr82 *   iZ2vcf0atudng87wzoeelbZ   Ready     Active         Leader           20.10.0
xron1grqswlita8xrcwr2d3y5     iZ2vcf0atudng87wzoeelcZ   Ready     Active         Reachable        20.10.0

明显elfin01显示Unreachable了，而此时小弟elfin03上位成功了，终于熬成Leader了！

此时是符合Raft协议的，即我们要满足大多数原则，只有两个主节点，坏一个就只有一个，就不能满足大多数！所以集群至少要有两个主节点。

3.9 小节

1. 生成主节点
2. 加入（管理者manager、worker）
3. work就是工作的，manager就是管理的！

将主节点全部启动起来。使集群正常……

Top - Bottom

---

4、集群应用部署

这一节我们主要是体验弹性、扩缩容。以后就不要使用docker run进行启动部署了，当然docker-compose up也不适合你，一般部署项目我们最好是集群，这样可以高可用、高可靠。

一般的小公司，使用swarm就足够了，如果非要使用K8S也是可以的……

为什么要使用集群？因为我们想要应用高可用，访问的时候我们也不需要指定某个机器，如访问redis数据库，我们只需使用redis就好；当访问量过大需要扩容时，你确定不用集群吗？

这里我们主要体验：创建服务、动态扩展服务、动态更新服务。

4.1 创建服务

4.1.1 查看服务docker service的基本命令

[root@iZ2vcf0atudng87wzoeel9Z ~]# docker service --help

Usage:  docker service COMMAND

Manage services

Commands:
  create      Create a new service
  inspect     Display detailed information on one or more services
  logs        Fetch the logs of a service or task
  ls          List services
  ps          List the tasks of one or more services
  rm          Remove one or more services
  rollback    Revert changes to a service's configuration
  scale       Scale one or multiple replicated services
  update      Update a service

Run 'docker service COMMAND --help' for more information on a command.

4.1.2 查看创建服务的命令

[root@iZ2vcf0atudng87wzoeel9Z ~]# docker service create --help

Usage:  docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]

Create a new service

Options:
      --cap-add list                       Add Linux capabilities
      --cap-drop list                      Drop Linux capabilities
      --config config                      Specify configurations to expose to the service
      --constraint list                    Placement constraints
      --container-label list               Container labels
      --credential-spec credential-spec    Credential spec for managed service account (Windows only)
  -d, --detach                             Exit immediately instead of waiting for the service to converge
      --dns list                           Set custom DNS servers
      --dns-option list                    Set DNS options
      --dns-search list                    Set custom DNS search domains
      --endpoint-mode string               Endpoint mode (vip or dnsrr) (default "vip")
      --entrypoint command                 Overwrite the default ENTRYPOINT of the image
  -e, --env list                           Set environment variables
      --env-file list                      Read in a file of environment variables
      --generic-resource list              User defined resources
      --group list                         Set one or more supplementary user groups for the container
      --health-cmd string                  Command to run to check health
      --health-interval duration           Time between running the check (ms|s|m|h)
      --health-retries int                 Consecutive failures needed to report unhealthy
      --health-start-period duration       Start period for the container to initialize before counting retries towards
                                           unstable (ms|s|m|h)
      --health-timeout duration            Maximum time to allow one check to run (ms|s|m|h)
      --host list                          Set one or more custom host-to-IP mappings (host:ip)
      --hostname string                    Container hostname
      --init                               Use an init inside each service container to forward signals and reap processes
      --isolation string                   Service container isolation mode
  -l, --label list                         Service labels
      --limit-cpu decimal                  Limit CPUs
      --limit-memory bytes                 Limit Memory
      --limit-pids int                     Limit maximum number of processes (default 0 = unlimited)
      --log-driver string                  Logging driver for service
      --log-opt list                       Logging driver options
      --max-concurrent uint                Number of job tasks to run concurrently (default equal to --replicas)
      --mode string                        Service mode (replicated, global, replicated-job, or global-job) (default
                                           "replicated")
      --mount mount                        Attach a filesystem mount to the service
      --name string                        Service name
      --network network                    Network attachments
      --no-healthcheck                     Disable any container-specified HEALTHCHECK
      --no-resolve-image                   Do not query the registry to resolve image digest and supported platforms
      --placement-pref pref                Add a placement preference
  -p, --publish port                       Publish a port as a node port
  -q, --quiet                              Suppress progress output
      --read-only                          Mount the container's root filesystem as read only
      --replicas uint                      Number of tasks
      --replicas-max-per-node uint         Maximum number of tasks per node (default 0 = unlimited)
      --reserve-cpu decimal                Reserve CPUs
      --reserve-memory bytes               Reserve Memory
      --restart-condition string           Restart when condition is met ("none"|"on-failure"|"any") (default "any")
      --restart-delay duration             Delay between restart attempts (ns|us|ms|s|m|h) (default 5s)
      --restart-max-attempts uint          Maximum number of restarts before giving up
      --restart-window duration            Window used to evaluate the restart policy (ns|us|ms|s|m|h)
      --rollback-delay duration            Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s)
      --rollback-failure-action string     Action on rollback failure ("pause"|"continue") (default "pause")
      --rollback-max-failure-ratio float   Failure rate to tolerate during a rollback (default 0)
      --rollback-monitor duration          Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h)
                                           (default 5s)
      --rollback-order string              Rollback order ("start-first"|"stop-first") (default "stop-first")
      --rollback-parallelism uint          Maximum number of tasks rolled back simultaneously (0 to roll back all at once)
                                           (default 1)
      --secret secret                      Specify secrets to expose to the service
      --stop-grace-period duration         Time to wait before force killing a container (ns|us|ms|s|m|h) (default 10s)
      --stop-signal string                 Signal to stop the container
      --sysctl list                        Sysctl options
  -t, --tty                                Allocate a pseudo-TTY
      --ulimit ulimit                      Ulimit options (default [])
      --update-delay duration              Delay between updates (ns|us|ms|s|m|h) (default 0s)
      --update-failure-action string       Action on update failure ("pause"|"continue"|"rollback") (default "pause")
      --update-max-failure-ratio float     Failure rate to tolerate during an update (default 0)
      --update-monitor duration            Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s)
      --update-order string                Update order ("start-first"|"stop-first") (default "stop-first")
      --update-parallelism uint            Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
  -u, --user string                        Username or UID (format: <name|uid>[:<group|gid>])
      --with-registry-auth                 Send registry authentication details to swarm agents
  -w, --workdir string                     Working directory inside the container

4.1.3 创建一个服务

# elfin01
[root@iZ2vcf0atudng87wzoeel9Z ~]# docker service create -p 8888:80 --name my_nginx nginx
3zs3vzn8aqh6mjhoawbcysl96
overall progress: 1 out of 1 tasks 
1/1: running   [==================================================>] 
verify: Service converged 

注意：

1. docker run 容器启动！不具有扩缩容
2. dockerservice 服务化启动！具有扩缩容、滚动更新！

Top - Bottom

---

4.2 查看我们的服务

# elfin01
[root@iZ2vcf0atudng87wzoeel9Z ~]# docker service ps my_nginx
ID             NAME         IMAGE          NODE                      DESIRED STATE   CURRENT STATE           ERROR     PORTS
byfl43zh4ltb   my_nginx.1   nginx:latest   iZ2vcf0atudng87wzoeelaZ   Running         Running 3 minutes ago 

# elfin03
[root@iZ2vcf0atudng87wzoeelbZ ~]# docker service ps my_nginx
ID             NAME         IMAGE          NODE                      DESIRED STATE   CURRENT STATE           ERROR     PORTS
byfl43zh4ltb   my_nginx.1   nginx:latest   iZ2vcf0atudng87wzoeelaZ   Running         Running 4 minutes ago
[root@iZ2vcf0atudng87wzoeelbZ ~]# docker service ls
ID             NAME       MODE         REPLICAS   IMAGE          PORTS
3zs3vzn8aqh6   my_nginx   replicated   1/1        nginx:latest   *:8888->80/tcp

这里只启动了一个nginx，只有一个副本，这好像部署我们想要的结果……

如果你想看具体的信息，可以使用docker service inspect my_nginx，这里的命令和docker的基本命令相似，只是加了一个service。

Top - Bottom

---

4.3更新服务

查看update的基本命令

[root@iZ2vcf0atudng87wzoeelbZ ~]# docker service update --help

Usage:  docker service update [OPTIONS] SERVICE

Update a service

Options:
      --args command                       Service command args
      --cap-add list                       Add Linux capabilities
      --cap-drop list                      Drop Linux capabilities
      --config-add config                  Add or update a config file on a service
      --config-rm list                     Remove a configuration file
      --constraint-add list                Add or update a placement constraint
      --constraint-rm list                 Remove a constraint
      --container-label-add list           Add or update a container label
      --container-label-rm list            Remove a container label by its key
      --credential-spec credential-spec    Credential spec for managed service account (Windows only)
  -d, --detach                             Exit immediately instead of waiting for the service to converge
      --dns-add list                       Add or update a custom DNS server
      --dns-option-add list                Add or update a DNS option
      --dns-option-rm list                 Remove a DNS option
      --dns-rm list                        Remove a custom DNS server
      --dns-search-add list                Add or update a custom DNS search domain
      --dns-search-rm list                 Remove a DNS search domain
      --endpoint-mode string               Endpoint mode (vip or dnsrr)
      --entrypoint command                 Overwrite the default ENTRYPOINT of the image
      --env-add list                       Add or update an environment variable
      --env-rm list                        Remove an environment variable
      --force                              Force update even if no changes require it
      --generic-resource-add list          Add a Generic resource
      --generic-resource-rm list           Remove a Generic resource
      --group-add list                     Add an additional supplementary user group to the container
      --group-rm list                      Remove a previously added supplementary user group from the container
      --health-cmd string                  Command to run to check health
      --health-interval duration           Time between running the check (ms|s|m|h)
      --health-retries int                 Consecutive failures needed to report unhealthy
      --health-start-period duration       Start period for the container to initialize before counting retries towards
                                           unstable (ms|s|m|h)
      --health-timeout duration            Maximum time to allow one check to run (ms|s|m|h)
      --host-add list                      Add a custom host-to-IP mapping (host:ip)
      --host-rm list                       Remove a custom host-to-IP mapping (host:ip)
      --hostname string                    Container hostname
      --image string                       Service image tag
      --init                               Use an init inside each service container to forward signals and reap processes
      --isolation string                   Service container isolation mode
      --label-add list                     Add or update a service label
      --label-rm list                      Remove a label by its key
      --limit-cpu decimal                  Limit CPUs
      --limit-memory bytes                 Limit Memory
      --limit-pids int                     Limit maximum number of processes (default 0 = unlimited)
      --log-driver string                  Logging driver for service
      --log-opt list                       Logging driver options
      --max-concurrent uint                Number of job tasks to run concurrently (default equal to --replicas)
      --mount-add mount                    Add or update a mount on a service
      --mount-rm list                      Remove a mount by its target path
      --network-add network                Add a network
      --network-rm list                    Remove a network
      --no-healthcheck                     Disable any container-specified HEALTHCHECK
      --no-resolve-image                   Do not query the registry to resolve image digest and supported platforms
      --placement-pref-add pref            Add a placement preference
      --placement-pref-rm pref             Remove a placement preference
      --publish-add port                   Add or update a published port
      --publish-rm port                    Remove a published port by its target port
  -q, --quiet                              Suppress progress output
      --read-only                          Mount the container's root filesystem as read only
      --replicas uint                      Number of tasks
      --replicas-max-per-node uint         Maximum number of tasks per node (default 0 = unlimited)
      --reserve-cpu decimal                Reserve CPUs
      --reserve-memory bytes               Reserve Memory
      --restart-condition string           Restart when condition is met ("none"|"on-failure"|"any")
      --restart-delay duration             Delay between restart attempts (ns|us|ms|s|m|h)
      --restart-max-attempts uint          Maximum number of restarts before giving up
      --restart-window duration            Window used to evaluate the restart policy (ns|us|ms|s|m|h)
      --rollback                           Rollback to previous specification
      --rollback-delay duration            Delay between task rollbacks (ns|us|ms|s|m|h)
      --rollback-failure-action string     Action on rollback failure ("pause"|"continue")
      --rollback-max-failure-ratio float   Failure rate to tolerate during a rollback
      --rollback-monitor duration          Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h)
      --rollback-order string              Rollback order ("start-first"|"stop-first")
      --rollback-parallelism uint          Maximum number of tasks rolled back simultaneously (0 to roll back all at once)
      --secret-add secret                  Add or update a secret on a service
      --secret-rm list                     Remove a secret
      --stop-grace-period duration         Time to wait before force killing a container (ns|us|ms|s|m|h)
      --stop-signal string                 Signal to stop the container
      --sysctl-add list                    Add or update a Sysctl option
      --sysctl-rm list                     Remove a Sysctl option
  -t, --tty                                Allocate a pseudo-TTY
      --ulimit-add ulimit                  Add or update a ulimit option (default [])
      --ulimit-rm list                     Remove a ulimit option
      --update-delay duration              Delay between updates (ns|us|ms|s|m|h)
      --update-failure-action string       Action on update failure ("pause"|"continue"|"rollback")
      --update-max-failure-ratio float     Failure rate to tolerate during an update
      --update-monitor duration            Duration after each task update to monitor for failure (ns|us|ms|s|m|h)
      --update-order string                Update order ("start-first"|"stop-first")
      --update-parallelism uint            Maximum number of tasks updated simultaneously (0 to update all at once)
  -u, --user string                        Username or UID (format: <name|uid>[:<group|gid>])
      --with-registry-auth                 Send registry authentication details to swarm agents
  -w, --workdir string                     Working directory inside the container

副本设置--replicas uint

设置服务有三个副本

[root@iZ2vcf0atudng87wzoeelbZ ~]# docker service update --replicas 3 my_nginx
my_nginx
overall progress: 3 out of 3 tasks 
1/3: running   [==================================================>] 
2/3: running   [==================================================>] 
3/3: running   [==================================================>] 
verify: Service converged

此时elfin01~elfin03都有my_nginx项目了……

访问：使用集群中的任何一个IP都可以访问到！

Top - Bottom

---

4.4 更新2

使用docker service scale my_nginx=5，这里动态扩缩容为副本数为5，实际上和4.1.5的update一样。

4.5 删除服务

$ docker service rm my_nginx

此时三个主节点都查不到服务！，在所有节点也找不到！

Top - Bottom

---

完！