[Docker Practice] 10. Swarm Mode Services
Create a swarm mode service with two tasks in replicated mode.
[root@swarm-manager ~]# docker service create --name myweb --replicas 2 -p 80:80 nginx
gnzbomte6r1xr732r2k6i4kur
overall progress: 2 out of 2 tasks
1/2: running
2/2: running
verify: Service converged
[root@swarm-manager ~]# docker service ps myweb
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
g6q2jqbkachf myweb.1 nginx:latest swarm-worker1 Running Running 24 seconds ago
rwbttaai8e2w myweb.2 nginx:latest swarm-manager Running Running 24 seconds ago
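
nginx is reachable through the IP address of any node.
As in the figure below, nginx is reachable even through the IP address of a node that is not running one of the service's containers.
If it is not, add the rules below to the firewall to allow the following ports; these are the ports Docker containers use to communicate with each other.
[root@swarm-manager ~]# iptables -I INPUT -p tcp --dport 7946 -j ACCEPT
[root@swarm-manager ~]# iptables -I INPUT -p udp --dport 7946 -j ACCEPT
[root@swarm-manager ~]# iptables -I INPUT -p udp --dport 4789 -j ACCEPT
[root@swarm-manager ~]# iptables -I INPUT -p tcp --dport 4789 -j ACCEPT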
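
The rules above accept the swarm ports from any source address. As an added example (not part of the original post), the same ports can be opened only to the other swarm nodes. The function names and the IPTABLES override variable are introduced here, the peer addresses in the usage comment are constructed, and 4789 is opened for UDP only because Docker's overlay data path is VXLAN over UDP.

```shell
#!/bin/sh
# Added example, not from the original post.
# Opens the swarm ports only to the listed peer nodes instead of to every source.
IPTABLES=${IPTABLES:-iptables}   # assumption: override hook for dry runs and tests

# allow_from PEER PROTO PORT
# Inserts the ACCEPT rule unless an identical rule is already present (-C checks).
allow_from() {
    "$IPTABLES" -C INPUT -s "$1" -p "$2" --dport "$3" -j ACCEPT 2>/dev/null ||
        "$IPTABLES" -I INPUT -s "$1" -p "$2" --dport "$3" -j ACCEPT
}

# open_swarm_ports PEER...
open_swarm_ports() {
    [ "$#" -gt 0 ] || { echo "usage: open_swarm_ports PEER_IP..." >&2; return 2; }
    for peer in "$@"; do
        allow_from "$peer" tcp 7946 || return 1   # node-to-node communication
        allow_from "$peer" udp 7946 || return 1
        allow_from "$peer" udp 4789 || return 1   # overlay network (VXLAN) traffic, UDP only
    done
}

# Usage on each node, with the other nodes' addresses (constructed values):
#   open_swarm_ports 192.0.2.11 192.0.2.12
```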

Command to increase the number of tasks (containers) in a service:
[root@swarm-manager ~]# docker service scale myweb=4
myweb scaled to 4
overall progress: 4 out of 4 tasks
1/4: running [==================================================>]
2/4: running [==================================================>]
3/4: running [==================================================>]
4/4: running [==================================================>]
verify: Service converged
[root@swarm-manager ~]# docker service ps myweb
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ema8ld0ldq9d myweb.1 nginx:latest swarm-worker1 Running Running 4 minutes ago
yvxpdo6re80t myweb.2 nginx:latest swarm-manager Running Running 4 minutes ago
muwegjltrwme myweb.3 nginx:latest swarm-worker2 Running Running 21 seconds ago
1z2sfc1nolmq myweb.4 nginx:latest swarm-worker2 Running Running 21 seconds ago

Global mode always creates exactly one task (container) per node.
The number of replicas is not specified separately.
[root@swarm-manager ~]# docker service create --name global_web --mode global nginx
5v5qnbtstar2mr8tr0hhekeqb
overall progress: 3 out of 3 tasks
pigeuh78ju2u: running [==================================================>]
j56n4sis1pn2: running [==================================================>]
reyoy4ogavf4: running [==================================================>]
verify: Service converged
[root@swarm-manager ~]# docker service ps global_web
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
9uojz4y6ks9t global_web.j56n4sis1pn2vivt3zmgehaq3 nginx:latest swarm-worker2 Running Running 27 seconds ago
22gjqbigwxqo global_web.pigeuh78ju2u8vgi514eskjt3 nginx:latest swarm-worker1 Running Running 17 seconds ago
ilqc72l7bgki global_web.reyoy4ogavf4uu72p9nal7qbu nginx:latest swarm-manager Running Running 17 seconds ago

Service rolling update: first create a service with three replicas, as below.
[root@swarm-manager ~]# docker service create --name myweb2 --replicas 3 nginx:1.10
lmp2a95el2tqc7h3thwofhfgc
overall progress: 3 out of 3 tasks
1/3: running [==================================================>]
2/3: running [==================================================>]
3/3: running [==================================================>]
verify: Service converged
[root@swarm-manager ~]# docker service ps myweb2
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
o6zdn9albj5u myweb2.1 nginx:1.10 swarm-worker2 Running Running about a minute ago
1d426eem3e8l myweb2.2 nginx:1.10 swarm-worker1 Running Running 57 seconds ago
v7lsb65x4p5c myweb2.3 nginx:1.10 swarm-manager Running Running 54 seconds ago

When the command below updates the service from nginx:1.10 to nginx:1.11,
you can see that the tasks are updated one at a time rather than all at once.
[root@swarm-manager ~]# docker service update --image nginx:1.11 myweb2
myweb2
overall progress: 1 out of 3 tasks
1/3: running [==================================================>]
2/3: preparing [=================================> ]
3/3:
[root@swarm-manager ~]# docker service ps myweb2
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
1lfjs2140fq1 myweb2.1 nginx:1.11 swarm-worker2 Running Running 48 seconds ago
o6zdn9albj5u \_ myweb2.1 nginx:1.10 swarm-worker2 Shutdown Shutdown 57 seconds ago
qncrj81vo3mz myweb2.2 nginx:1.11 swarm-worker1 Running Running 49 seconds ago
1d426eem3e8l \_ myweb2.2 nginx:1.10 swarm-worker1 Shutdown Shutdown 57 seconds ago
2okzcun4cqae myweb2.3 nginx:1.11 swarm-manager Running Running 58 seconds ago
v7lsb65x4p5c \_ myweb2.3 nginx:1.10 swarm-manager Shutdown Shutdown about a minute ago

When creating a service, you can set the rolling update interval, the number of containers to update at the same time, and what to do when an update fails.
[root@swarm-manager ~]# docker service create --replicas 4 --name myweb3 --update-delay 10s --update-parallelism 2 nginx:1.10
s7y7o6o2ico8er8sbrpgsbiwt
overall progress: 4 out of 4 tasks
1/4: running [==================================================>]
2/4: running [==================================================>]
3/4: running [==================================================>]
4/4: running [==================================================>]
verify: Service converged

The rolling update settings can be checked with the command below.
[root@swarm-manager ~]# docker service inspect --pretty myweb3
ID: s7y7o6o2ico8er8sbrpgsbiwt
Name: myweb3
Service Mode: Replicated
 Replicas: 4
Placement:
UpdateConfig:
 Parallelism: 2
 Delay: 10s
 On failure: pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order: stop-first
RollbackConfig:
 Parallelism: 1
 On failure: pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order: stop-first
ContainerSpec:
 Image: nginx:1.10@sha256:6202beb06ea61f44179e02ca965e8e13b961d12640101fca213efbfd145d7575
 Init: false
Resources:
Endpoint Mode: vip
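
[Passing configuration to service containers]
1. secret
Settings and passwords can be passed with the -e option,
but that is undesirable from a security standpoint. They can be passed through a secret instead, as follows. Secrets are only available in swarm mode.
Create a secret
[root@swarm-manager ~]# echo 1q2w3e4r | docker secret create my_mysql_password -
fjit4p1f3y68e9qjq2sv5rxah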
[root@swarm-manager ~]# docker secret ls
ID NAME DRIVER CREATED UPDATED
fjit4p1f3y68e9qjq2sv5rxah my_mysql_password 7 seconds ago 7 seconds ago
[root@swarm-manager ~]# docker secret inspect my_mysql_password
[
    {
        "ID": "fjit4p1f3y68e9qjq2sv5rxah",
        "Version": {
            "Index": 539
        },
        "CreatedAt": "2021-04-17T00:35:05.412299346Z",
        "UpdatedAt": "2021-04-17T00:35:05.412299346Z",
        "Spec": {
            "Name": "my_mysql_password",
            "Labels": {}
        }
    }
]

Usage
[root@swarm-manager ~]# docker service create --name mysql --replicas 1 \
> --secret source=my_mysql_password,target=mysql_root_password \
> --secret source=my_mysql_password,target=mysql_password \
> -e MYSQL_ROOT_PASSWORD_FILE="/run/secrets/mysql_root_password" \
> -e MYSQL_PASSWORD_FILE="/run/secrets/mysql_password" \
> -e MYSQL_DATABASE="wordpress" \
> mysql:5.7
17ori7kqa59n4mqb4vzxfg18n
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged

Values shared with a container through the --secret option are stored in the /run/secrets directory.
[root@swarm-manager ~]# docker service ps mysql
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
moneffls3rlf mysql.1 mysql:5.7 swarm-worker2 Running Running 2 minutes ago
[root@swarm-worker2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3aa1660ac56f mysql:5.7 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp, 33060/tcp mysql.1.moneffls3rlfsgvujhl6rh2xt
[root@swarm-worker2 ~]# docker exec 3aa1660ac56f ls /run/secrets
mysql_password
mysql_root_password
[root@swarm-worker2 ~]# docker exec 3aa1660ac56f cat /run/secrets/mysql_password
1q2w3e4r
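
How a service's own entrypoint script can honour the same NAME / NAME_FILE convention used with the mysql image above, as an added example (not code from the original post or from the mysql image). The function name secret_value is hypothetical; it prints the value instead of exporting it, and the command substitution drops the trailing newline that `echo ... | docker secret create` stores in the secret.

```shell
#!/bin/sh
# Added example, not from the original post or the mysql image.
# secret_value NAME
# Prints the setting NAME, read from the file named by NAME_FILE when that is
# set (for example /run/secrets/mysql_password), otherwise from NAME itself.
secret_value() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid name: $1" >&2; return 2 ;;
    esac
    # Indirect lookup of $NAME and $NAME_FILE; the name was validated above.
    eval "_val=\${$1:-} _file=\${${1}_FILE:-}"
    if [ -n "$_val" ] && [ -n "$_file" ]; then
        echo "error: $1 and ${1}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$_file" ]; then
        [ -r "$_file" ] || { echo "error: cannot read $_file" >&2; return 1; }
        _val=$(cat "$_file") || return 1   # $(...) strips trailing newlines
    fi
    [ -n "$_val" ] || { echo "error: $1 is empty or unset" >&2; return 1; }
    printf '%s' "$_val"
}

# Typical use in an entrypoint script (variable name is an assumption):
#   db_password=$(secret_value MYSQL_PASSWORD) || exit 1
```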

Entering an absolute path as the target value shares the secret to a directory other than /run/secrets.
docker service create --name mysql --replicas 1 \
--secret source=my_mysql_password,target=/home/mysql_root_password
....

config is almost identical to secret.
[Example]
docker config create [name of the config to create] [config file on the host]
Check with docker config ls

The data part of a created config can be checked by decoding it from base64.
echo [data part] | base64 -d

secret and config values cannot be modified, but if a container needs to use a new value,
you can change it with the --config-rm, --config-add, --secret-rm and --secret-add options
of the docker service update command.
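
The swap described above, as an added example (not from the original post): since secret data cannot be edited, a new secret is created under a new name and exchanged for the old one in a single docker service update. The function name and the service, secret and target names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# rotate_secret SERVICE OLD_SECRET NEW_SECRET TARGET
# Reads the new value from stdin, so it is not placed on a command line.
rotate_secret() {
    [ "$#" -eq 4 ] || { echo "usage: rotate_secret SERVICE OLD NEW TARGET" >&2; return 2; }
    svc=$1 old=$2 new=$3 target=$4
    if [ "$old" = "$new" ]; then
        echo "error: secrets are immutable, the new secret needs a new name" >&2
        return 1
    fi
    # 1. Store the new value under the new name ("-" means read from stdin).
    docker secret create "$new" - >/dev/null || return 1
    # 2. Swap old for new in one update; TARGET keeps the file name seen by
    #    the container under /run/secrets unchanged.
    if ! docker service update \
            --secret-rm "$old" \
            --secret-add "source=$new,target=$target" \
            "$svc"; then
        docker secret rm "$new" >/dev/null   # update failed: drop the unused secret
        return 1
    fi
    # 3. Remove the old secret; Docker refuses while any service still uses it.
    docker secret rm "$old" >/dev/null
}

# Usage (hypothetical names; the value is typed at a prompt, not echoed):
#   stty -echo; IFS= read -r pw; stty echo
#   printf '%s' "$pw" | rotate_secret myapp db_pw_v1 db_pw_v2 db_password
```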