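Docker Compose and Docker Swarm
Docker Compose
Introduction
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YML file to configure all the services your application needs. Then, with a single command, you create and start all the services from that YML configuration.
A Dockerfile lets a program run anywhere. With a web service, redis, mysql, nginx and so on, that means multiple containers, each started with its own docker run.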
docker-compose.yml
version: "3.8"
services:
  web:
    build: .
    ports:
      - "5000:5000"
    volumes:
      - .:/code
      - logvolume01:/var/log
    links:
      - redis
  redis:
    image: redis
volumes:
  logvolume01: {}
Installation
Method 1
1. Download
# This download is very slow, so we use the one below
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo curl -L "https://get.daocloud.io/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
2. Make the file executable
sudo chmod +x /usr/local/bin/docker-compose
3. Check the version
docker-compose version
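Added example (not part of the original page): the download above puts a binary fetched from the network straight into /usr/local/bin, so the script below installs it only when its SHA-256 matches a published digest. The function names are made up for this example, the ".sha256" asset next to the release binary is an assumption, and the demo file is constructed so the script runs offline.

```sh
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 digest matches.
# Assumed workflow (URL pattern from this page; the ".sha256" asset is an assumption):
#   base=https://github.com/docker/compose/releases/download/1.27.4
#   name=docker-compose-$(uname -s)-$(uname -m)
#   curl -fsSL "$base/$name" -o "/tmp/$name"
#   curl -fsSL "$base/$name.sha256" -o "/tmp/$name.sha256"
#   install_verified "/tmp/$name" "$(cat "/tmp/$name.sha256")" /usr/local/bin/docker-compose

# sha256_of FILE: prints the lowercase hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool found" >&2
        return 1
    fi
}

# install_verified FILE EXPECTED DEST
# EXPECTED is a bare digest or the content of a digest file ("<hex>  <name>").
# Copies FILE to DEST with mode 0755 only when the digests match; returns 1 otherwise.
install_verified() {
    file=$1; dest=$3
    expected=$(printf '%s\n' "$2" | awk 'NR == 1 {print tolower($1)}')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "${#expected}" -ne 64 ] || [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# Constructed demo: a stand-in file in a temp directory, so this runs offline.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho stand-in for docker-compose\n' > "$demo_dir/download"
good=$(sha256_of "$demo_dir/download")
install_verified "$demo_dir/download" "$good  download" "$demo_dir/docker-compose" \
    && echo "digest matches: installed"
install_verified "$demo_dir/download" "$(printf '%064d' 0)" "$demo_dir/rejected" \
    || echo "digest differs: not installed"
rm -rf "$demo_dir"
```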
Method 2
1. Install python-pip
yum -y install epel-release
yum -y install python-pip
2. Install docker-compose
pip install docker-compose
3. Check the version
docker-compose version
First steps with Compose
Let's try it out with the example from the official documentation.
First, look at the current state of Docker.
Next, we work through the example from the official site.
1. Create the composetest folder
2. Write an app.py file; this is a Python web application
import time

import redis
from flask import Flask

app = Flask(__name__)
cache = redis.Redis(host='redis', port=6379)


def get_hit_count():
    # Retry a few times in case the redis container is not reachable yet
    retries = 5
    while True:
        try:
            return cache.incr('hits')
        except redis.exceptions.ConnectionError as exc:
            if retries == 0:
                raise exc
            retries -= 1
            time.sleep(0.5)


@app.route('/')
def hello():
    count = get_hit_count()
    return 'Hello World! I have been seen {} times.\n'.format(count)
This is a web application that uses redis to count visits.
3. Create a requirements.txt file
flask
redis
4. Create a Dockerfile
FROM python:3.7-alpine
WORKDIR /code
ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
RUN apk add --no-cache gcc musl-dev linux-headers
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
EXPOSE 5000
COPY . .
CMD ["flask", "run"]
5. Create the docker-compose.yml file
version: "3.8"
services:
  web:
    build: .
    ports:
      - "5000:5000"
  redis:
    image: "redis:alpine"
6. Run (docker-compose.yml must exist)
docker-compose build
docker-compose up
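First check the containers running in Docker: two more have appeared, redis:alpine and composetest_web
Visit: http://192.168.31.131:5000/
Deployment succeeded!
Now that it is deployed, let's look at the default rules it follows.
1. The dependencies configured in docker-compose.yml were downloaded for us automatically
2.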
[root@aubin composetest]# docker service ls
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
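Default service name: filename_servicename_num
Later there will be several servers (a cluster); _num stands for the replica number
3. Network rules
Say we have 10 services: once the project goes live, the internal network rules become complicated and hard to configure. docker-compose automatically maintains a network for us, so everything in the project sits on the same network.
7. Stop docker-compose
docker-compose stop   # or press Ctrl+C in the terminal running docker-compose up
docker-compose down
Summary: previously each container was started with its own docker run; with docker-compose, we write a YAML configuration file and Compose starts everything with one command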
YAML configuration rules for docker-compose
https://docs.docker.com/compose/compose-file/#compose-file-structure-and-examples
Let's look at the official example first:
version: "3.8"
services:
  redis:
    image: redis:alpine
    ports:
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
  db:
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        max_replicas_per_node: 1
        constraints:
          - "node.role==manager"
  vote:
    image: dockersamples/examplevotingapp_vote:before
    ports:
      - "5000:80"
    networks:
      - frontend
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure
  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - "5001:80"
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 1
      labels: [APP=VOTING]
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - "node.role==manager"
  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    stop_grace_period: 1m30s
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints:
          - "node.role==manager"
networks:
  frontend:
  backend:
volumes:
  db-data:
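A Compose file has only three layers
version: ''        # version
services:          # our services
  web:             # service 1
    # service configuration
    image:
    build:
    ports:
    networks:
    ...
  redis:           # service 2
# other configuration: networks, volume mounts, global rules
volumes:
networks:
configs:
Let's see how this is written in practice
Under services:
# depends_on: if this service depends on other services, list them here to set the startup order
For example:
services:
  web:
    depends_on:
      - db
      - redis
# This depends on db and redis, so the startup order is db, redis, web
--------------------------------------------------------------------
# deploy: used for deployment; everything under it is cluster-related
deploy:
  replicas: 6
# means there are 6 replicas
All the commands under services in the YAML also exist in the Dockerfile; you can also look them up on the official site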
https://docs.docker.com/compose/compose-file/#compose-file-structure-and-examples
Building a blog with Compose
https://docs.docker.com/compose/wordpress/
Create a new folder
Write docker-compose.yml.
version: '3.3'
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
volumes:
  db_data: {}
Run the docker-compose up command
Visit http://192.168.31.131:8000/
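Added example (not from the original page or the Docker documentation): a line-based review of a Compose file for three settings that appear in the files above: passwords written inline under environment, images without a fixed tag (wordpress:latest), and the Docker socket mounted into a container (the visualizer service in the official example). It is a heuristic text scan, not a YAML parser; the function names and the sample file are constructed for this example.

```sh
#!/bin/sh
# Added example: heuristic, line-based review of a Compose file (not a YAML parser).

# lint_compose FILE: prints "LINE: FINDING detail" per hit; exit status 1 if any.
lint_compose() {
    awk -v q="'" '
        # Trim a trailing comment, then surrounding blanks and quotes.
        function val(s) {
            sub(/[ \t]+#.*$/, "", s)
            sub("^[ \t\"" q "]+", "", s)
            sub("[ \t\"" q "]+$", "", s)
            return s
        }
        /^[ \t]*image:/ {
            img = $0; sub(/^[ \t]*image:/, "", img); img = val(img)
            ref = img; sub(/^.*\//, "", ref)        # drop registry and namespace
            if (img !~ /@sha256:/ && (ref !~ /:/ || ref ~ /:latest$/)) {
                print NR ": UNPINNED_IMAGE " img; bad = 1
            }
        }
        /docker\.sock/ { print NR ": DOCKER_SOCKET_MOUNT"; bad = 1 }
        /^[ \t]*(-[ \t]*)?[A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*[ \t]*[:=]/ {
            key = $0; sub(/[ \t]*[:=].*$/, "", key); sub(/^[ \t]*(-[ \t]*)?/, "", key)
            v = $0; sub(/^[^:=]*[:=]/, "", v); v = val(v)
            # *_FILE keys point at a secret file; $VAR values come from the environment.
            if (key !~ /_FILE$/ && v != "" && v !~ /^\$/) {
                print NR ": INLINE_SECRET " key; bad = 1   # key only, never the value
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE: constructed Compose file built from fragments shown on this page.
write_sample() {
    cat > "$1" <<'EOF'
version: '3.3'
services:
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
  wordpress:
    image: wordpress:latest
    environment:
      - WORDPRESS_DB_PASSWORD=${WP_DB_PASSWORD}
  redis:
    image: "redis"
  visualizer:
    image: dockersamples/visualizer:stable
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_compose "$sample" || echo "findings above: review before docker-compose up"
rm -f "$sample"
```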
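Hands-on: a counter
Write your own microservice
1. Write the project microservice
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {
    @Autowired
    private StringRedisTemplate redisTemplate;

    // Increment the "views" counter in redis on every request
    @GetMapping("/hello")
    public String hello() {
        Long views = redisTemplate.opsForValue().increment("views");
        return "hello,baoge。views:" + views;
    }
}
2. Build with a Dockerfile: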
FROM java:8
COPY *.jar /app.jar
CMD ["--server.port=80"]
EXPOSE 80
ENTRYPOINT ["java","-jar","app.jar"]
3. Orchestrate the project with docker-compose.yml
version: '3.8'
services:
  linapp:
    build: .
    image: linapp
    depends_on:
      - redis
    ports:
      - "80:80"
  redis:
    image: "library/redis:alpine"
4. Put it on the server and run docker-compose up
4.1. Upload the files to the server
4.2. Run the docker-compose up command
5. Access the project
Docker swarm
Create 4 virtual machines
Install Docker
# Install Docker
yum -y install gcc
yum install -y gcc-c++
yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine
# Install the required packages
yum install -y yum-utils
# Set up the repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Update the yum package index
yum makecache fast
# Install Docker CE
yum install docker-ce docker-ce-cli containerd.io
# Start Docker
systemctl start docker
# Start Docker at boot
systemctl enable docker
Test:
# Configure the aliyun registry mirror
[root@aubin ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://vgiqiiwr.mirror.aliyuncs.com"]
}
[root@aubin ~]# systemctl daemon-reload
[root@aubin ~]# systemctl restart docker
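Swarm documentation: https://docs.docker.com/engine/swarm/
How does it work?
There are several worker nodes and manager nodes.
1. Manager nodes can communicate with each other, and manager nodes manage the worker nodes.
2. All operations are performed on a Manager; worker nodes cannot perform them.
3. There is also the Raft consensus algorithm, which is there to keep the vast majority of services available.
There must be at least three manager nodes.
Building the cluster
1. Check the networks
docker network ls
Right after initialization there are only three networks.
See which commands swarm offers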
[root@aubin ~]# docker swarm --help
Usage: docker swarm COMMAND
Manage Swarm
Commands:
ca Display and rotate the root CA
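init # Initialize a swarm
join # Join a swarm
join-token # Manage join tokens
leave # Leave the swarm
unlock # Unlock the swarm
unlock-key Manage the unlock key
update # Update the swarm
2. Initialize the cluster
Look at the options of the init command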
[root@aubin ~]# docker swarm init --help
Usage: docker swarm init [OPTIONS]
Initialize a swarm
Options:
--advertise-addr string Advertised address (format: <ip|interface>[:port]) # advertised (broadcast) address
--autolock Enable manager autolocking (requiring an unlock key to start a stopped manager)
--availability string Availability of the node ("active"|"pause"|"drain") (default "active")
--cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
--data-path-addr string Address or interface to use for data path traffic (format: <ip|interface>)
--data-path-port uint32 Port number to use for data path traffic (1024 - 49151). If no value is set or is set to 0, the default port (4789) is used.
--default-addr-pool ipNetSlice default address pool in CIDR format (default [])
--default-addr-pool-mask-length uint32 default address pool subnet mask length (default 24)
--dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
--external-ca external-ca Specifications of one or more certificate signing endpoints
--force-new-cluster Force create a new cluster from current state
--listen-addr node-addr Listen address (format: <ip|interface>[:port]) (default 0.0.0.0:2377)
--max-snapshots uint Number of additional Raft snapshots to retain
--snapshot-interval uint Number of log entries between Raft snapshots (default 10000)
--task-history-limit int Task history retention limit (default 5)
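--advertise-addr: tells the other nodes where this node can be reached. Addresses are either public or private; here we use the private network, 192.168.31.131.
Make the Docker on 192.168.31.131 the manager node
# docker swarm init --advertise-addr <IP address>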
docker swarm init --advertise-addr 192.168.31.131
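From the output we can see:
1. The current node has joined the swarm
2. Use the docker swarm join --token xxx command to have other nodes join this manager node.
3. Use docker swarm join-token manager to get a token for a manager node
3. Have the other nodes join the manager node
# Get a token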
docker swarm join-token manager
docker swarm join-token worker
# 192.168.31.132 joins the manager node 192.168.31.131
docker swarm join --token SWMTKN-1-1c7pl7vjpijeqokx5nawfzp2txt4xrv6p5y3a3ef1axofmx7fa-1u9a47t7oxzkv9pr1uoxwfnnf 192.168.31.131:2377
Check on the manager node
We add the Docker on 192.168.31.133 as a worker node to the manager node on 131
# Generate a token
[root@aubin ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-45pjpjt5syhuz70f9vk8olhrjhckwk3f7x8sy4szhmcq8xxx6c-cgjoxznlu5s23mbtw55s84cfd 192.168.31.131:2377
# On node 133
docker swarm join --token SWMTKN-1-45pjpjt5syhuz70f9vk8olhrjhckwk3f7x8sy4szhmcq8xxx6c-cgjoxznlu5s23mbtw55s84cfd 192.168.31.131:2377
Add node 134 as a manager node to the manager node on 131
[root@aubin ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-45pjpjt5syhuz70f9vk8olhrjhckwk3f7x8sy4szhmcq8xxx6c-dwrm5w7j1jldxb24a9uqd2oz1 192.168.31.131:2377
docker swarm join --token SWMTKN-1-45pjpjt5syhuz70f9vk8olhrjhckwk3f7x8sy4szhmcq8xxx6c-dwrm5w7j1jldxb24a9uqd2oz1 192.168.31.131:2377
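We can see that node 131 is Reachable, so it is also a manager node
This is a two-manager, two-worker setup, which is not sound; we need at least three manager nodes.
Raft consensus protocol
Above we built a cluster with two managers and two workers. If one node goes down, are the others still usable?
Raft protocol: the cluster is usable only while a majority of the nodes are alive, so there must be at least 3 of them. In a two-manager, two-worker setup, if one manager goes down, the other manager becomes unusable as well.
Experiment:
1. Stop Docker on 131, then run docker node ls on 134
Restart Docker on 131
2. Remove node 133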
[root@aubin ~]# docker swarm leave
Node left the swarm.
# Check the status on the manager node
docker node ls
3. Create three managers
Turn node 133 into a manager node
[root@aubin ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-45pjpjt5syhuz70f9vk8olhrjhckwk3f7x8sy4szhmcq8xxx6c-dwrm5w7j1jldxb24a9uqd2oz1 192.168.31.131:2377
[root@aubin ~]# docker swarm join --token SWMTKN-1-45pjpjt5syhuz70f9vk8olhrjhckwk3f7x8sy4szhmcq8xxx6c-dwrm5w7j1jldxb24a9uqd2oz1 192.168.31.131:2377
This node joined a swarm as a manager.
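# Check with docker node ls
We can see that 131 has become Reachable, and the node that went Down earlier has not been removed
4. Run docker node ls on the worker node (132)
Workers only do the work; manager operations cannot be used on worker nodes.
With 3 manager nodes, at least 2 machines must stay alive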
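Added example (not from the original page): the majority rule described above, applied to the manager list of a swarm. The function reads lines as printed by docker node ls --format '{{.Hostname}}|{{.Status}}|{{.ManagerStatus}}'; the function name, the exit codes and the sample node names are constructed for this example.

```sh
#!/bin/sh
# Added example: how many more manager failures can this swarm survive?
# Input lines: hostname|status|manager-status, as printed by
#   docker node ls --format '{{.Hostname}}|{{.Status}}|{{.ManagerStatus}}'
# Workers have an empty manager-status field. A manager that is Down but was
# never removed still counts as a member, so it still raises the majority needed.

# manager_quorum: reads such lines on stdin and prints one summary line.
# Exit status: 0 = OK (a manager may still fail), 1 = AT_RISK (majority held,
# no spare), 2 = NO_QUORUM (majority gone, or no data: docker node ls itself
# returns an error once the managers have lost their majority).
manager_quorum() {
    awk -F'|' '
        $3 != ""                            { total++ }   # every manager is a Raft member
        $3 == "Leader" || $3 == "Reachable" { up++ }      # managers that can vote
        END {
            quorum = int(total / 2) + 1                   # Raft majority
            spare  = up - quorum                          # further failures tolerated
            if (up < quorum)     { state = "NO_QUORUM"; rc = 2 }
            else if (spare == 0) { state = "AT_RISK";   rc = 1 }
            else                 { state = "OK";        rc = 0 }
            printf "managers=%d reachable=%d quorum=%d spare=%d state=%s\n",
                   total, up, quorum, spare, state
            exit rc
        }'
}

# Constructed samples modelled on the four nodes used on this page (131-134).
two_managers='node131|Ready|Leader
node132|Ready|
node133|Ready|
node134|Ready|Reachable'
three_managers='node131|Ready|Reachable
node132|Ready|
node133|Ready|Reachable
node134|Ready|Leader'
three_managers_one_down='node131|Down|Unreachable
node132|Ready|
node133|Ready|Reachable
node134|Ready|Leader'

for sample in "$two_managers" "$three_managers" "$three_managers_one_down"; do
    printf '%s\n' "$sample" | manager_quorum
done
```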
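Trying it out
Try out the cluster's elasticity and scaling.
Use the docker service command to start containers
It can create services, scale services dynamically, update services dynamically, fetch logs, ...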
[root@aubin ~]# docker service --help
Usage: docker service COMMAND
Manage services
Commands:
create Create a new service
inspect Display detailed information on one or more services
logs Fetch the logs of a service or task
ls List services
ps List the tasks of one or more services
rm Remove one or more services
rollback Revert changes to a service's configuration
scale Scale one or multiple replicated services
update Update a service
Run 'docker service COMMAND --help' for more information on a command.
Canary (gradual) release
[root@aubin ~]# docker service create --help
Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]
Create a new service
Options:
--config config Specify configurations to expose to the service
--constraint list Placement constraints
--container-label list Container labels
--credential-spec credential-spec Credential spec for managed service account (Windows only)
-d, --detach Exit immediately instead of waiting for the service to converge
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--endpoint-mode string Endpoint mode (vip or dnsrr) (default "vip")
--entrypoint command Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--generic-resource list User defined resources
--group list Set one or more supplementary user groups for the container
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h)
--host list Set one or more custom host-to-IP mappings (host:ip)
--hostname string Container hostname
--init Use an init inside each service container to forward signals and reap processes
--isolation string Service container isolation mode
-l, --label list Service labels
--limit-cpu decimal Limit CPUs
--limit-memory bytes Limit Memory
--log-driver string Logging driver for service
--log-opt list Logging driver options
--mode string Service mode (replicated or global) (default "replicated")
--mount mount Attach a filesystem mount to the service
--name string Service name
--network network Network attachments
--no-healthcheck Disable any container-specified HEALTHCHECK
--no-resolve-image Do not query the registry to resolve image digest and supported platforms
--placement-pref pref Add a placement preference
-p, --publish port Publish a port as a node port
-q, --quiet Suppress progress output
--read-only Mount the container's root filesystem as read only
--replicas uint Number of tasks
--replicas-max-per-node uint Maximum number of tasks per node (default 0 = unlimited)
--reserve-cpu decimal Reserve CPUs
--reserve-memory bytes Reserve Memory
--restart-condition string Restart when condition is met ("none"|"on-failure"|"any") (default "any")
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default 5s)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
--rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s)
--rollback-failure-action string Action on rollback failure ("pause"|"continue") (default "pause")
--rollback-max-failure-ratio float Failure rate to tolerate during a rollback (default 0)
--rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 5s)
--rollback-order string Rollback order ("start-first"|"stop-first") (default "stop-first")
--rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once) (default 1)
--secret secret Specify secrets to expose to the service
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default 10s)
--stop-signal string Signal to stop the container
--sysctl list Sysctl options
-t, --tty Allocate a pseudo-TTY
--update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s)
--update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause")
--update-max-failure-ratio float Failure rate to tolerate during an update (default 0)
--update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s)
--update-order string Update order ("start-first"|"stop-first") (default "stop-first")
--update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1)
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--with-registry-auth Send registry authentication details to swarm agents
-w, --workdir string Working directory inside the container
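This command works like docker run: you can specify ports, a name, ...
Run nginx
docker service create -p 8888:80 --name mynginx nginx
docker run: starts a container, with no scaling capability
docker service: a service, with scaling and rolling updates
Start the container:
docker service create -p 8888:80 --name mynginx nginx
View the service
docker service ps mynginx
docker service ls
We can see there is only one replica, i.e. it runs on one machine.
To run it on several nodes, let's see how that is done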
[root@aubin ~]# docker service update --help
Usage: docker service update [OPTIONS] SERVICE
Update a service
Options:
--args command Service command args
--config-add config Add or update a config file on a service
--config-rm list Remove a configuration file
--constraint-add list Add or update a placement constraint
--constraint-rm list Remove a constraint
--container-label-add list Add or update a container label
--container-label-rm list Remove a container label by its key
--credential-spec credential-spec Credential spec for managed service account (Windows only)
-d, --detach Exit immediately instead of waiting for the service to converge
--dns-add list Add or update a custom DNS server
--dns-option-add list Add or update a DNS option
--dns-option-rm list Remove a DNS option
--dns-rm list Remove a custom DNS server
--dns-search-add list Add or update a custom DNS search domain
--dns-search-rm list Remove a DNS search domain
--endpoint-mode string Endpoint mode (vip or dnsrr)
--entrypoint command Overwrite the default ENTRYPOINT of the image
--env-add list Add or update an environment variable
--env-rm list Remove an environment variable
--force Force update even if no changes require it
--generic-resource-add list Add a Generic resource
--generic-resource-rm list Remove a Generic resource
--group-add list Add an additional supplementary user group to the container
--group-rm list Remove a previously added supplementary user group from the container
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h)
--host-add list Add a custom host-to-IP mapping (host:ip)
--host-rm list Remove a custom host-to-IP mapping (host:ip)
--hostname string Container hostname
--image string Service image tag
--init Use an init inside each service container to forward signals and reap processes
--isolation string Service container isolation mode
--label-add list Add or update a service label
--label-rm list Remove a label by its key
--limit-cpu decimal Limit CPUs
--limit-memory bytes Limit Memory
--log-driver string Logging driver for service
--log-opt list Logging driver options
--mount-add mount Add or update a mount on a service
--mount-rm list Remove a mount by its target path
--network-add network Add a network
--network-rm list Remove a network
--no-healthcheck Disable any container-specified HEALTHCHECK
--no-resolve-image Do not query the registry to resolve image digest and supported platforms
--placement-pref-add pref Add a placement preference
--placement-pref-rm pref Remove a placement preference
--publish-add port Add or update a published port
--publish-rm port Remove a published port by its target port
-q, --quiet Suppress progress output
--read-only Mount the container's root filesystem as read only
--replicas uint Number of tasks
--replicas-max-per-node uint Maximum number of tasks per node (default 0 = unlimited)
--reserve-cpu decimal Reserve CPUs
--reserve-memory bytes Reserve Memory
--restart-condition string Restart when condition is met ("none"|"on-failure"|"any")
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
--rollback Rollback to previous specification
--rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h)
--rollback-failure-action string Action on rollback failure ("pause"|"continue")
--rollback-max-failure-ratio float Failure rate to tolerate during a rollback
--rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h)
--rollback-order string Rollback order ("start-first"|"stop-first")
--rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once)
--secret-add secret Add or update a secret on a service
--secret-rm list Remove a secret
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h)
--stop-signal string Signal to stop the container
--sysctl-add list Add or update a Sysctl option
--sysctl-rm list Remove a Sysctl option
-t, --tty Allocate a pseudo-TTY
--update-delay duration Delay between updates (ns|us|ms|s|m|h)
--update-failure-action string Action on update failure ("pause"|"continue"|"rollback")
--update-max-failure-ratio float Failure rate to tolerate during an update
--update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h)
--update-order string Update order ("start-first"|"stop-first")
--update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once)
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--with-registry-auth Send registry authentication details to swarm agents
-w, --workdir string Working directory inside the container
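# -d: run in the background
# -t: allocate a pseudo-TTY
# -q: suppress output
# -u: set the user name
# -w: working directory inside the container
Use the --replicas uint option to set how many instances run
docker service update --replicas 3 mynginx
We can see that three machines are running it
nginx was started on the three servers 131, 132 and 133. Let's try accessing it
We can see that 131, 132, 133 and 134 can all be accessed. Why is that?
As long as a machine is in the cluster, nginx can be reached through it, no matter which machine. A service has multiple replicas and can be scaled dynamically.
You can also use scale to scale up or down
docker service scale mynginx=5
Delete the service
# docker service rm <service name>
docker service rm mynginx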