视频地址:https://www.bilibili.com/video/BV1cb411S7jw?p=6,若翻译不准,请以视频为准。
感谢博主的视频资源,这是目前找到的最系统介绍 Swarm的资料了,官方文档比较适合查阅。
Alright, so wherever you're running your docker from, we can actually create a single node swarm from testing purposes, the way I can tell whether or not I can just do a docker info. And you'll notice swarm inactive, so we know this form hasn't been enabled here and again. By default, docker does not enable any of the swarm features.
好的,所以无论您在哪里运行docker,我们实际上都可以根据测试目的创建一个单节点群集,docker info是我可以判断是否可以执行方式。而且您会发现swarm处于非活动状态,因此我们知道此特性尚未被启用。默认情况下,docker不启用任何swarm功能。
And I can run docker swarm init. And it's for initialize. And that took about half a second, and we're done. What we have now is a single node swarm with all the features and functionality that we get out of the box.
而且我可以运行docker swarm init。它用于初始化。大约花了半秒钟,我们就完成了。我们现在拥有的是一个单节点集群,具有我们开箱即用的所有功能。
Ok, so that was probably the shortest demo of this entire course, so I mean, what just happened like we type one command and magic wasn't actually any magic. It was a lot of very quick and efficient things in the go programming of docker, but essentially right out of the box, it does a bunch of PKI and security stuff, so it creates a root certificate for this warm that it will use to establish trust and sign certificates for all nodes in all managers and it will create a special certificates. Because it's a manager versus worker, and then it creates these tokens that we can actually use on other nodes to join this shoulder here.
好的,这可能是整个课程中最短的演示,所以我的意思是,就像我们键入一个命令而发生的事情一样,魔术实际上并不是任何魔术。在docker的go编程中,这是很多非常快速和高效的事情,但是从本质上说,它开箱即用,它可以执行很多PKI和安全性工作,所以它为这个warm创建了一个根证书,它将用于为所有管理器中的所有节点建立信任和签名证书,它将创建一个特殊的证书。因为它是manager 与worker,然后创建了这些令牌,我们可以在其他节点上实际使用它们以在这里加入这个集群。
Enables the Swarm API and create something called the raft consensus database, which we'll talk about later in a production part of the course, but just, you know, raft is a protocol that actually ensures consistency across multiple nodes, and it's ideal for using in the cloud where we can guarantee that anyone thing will be available for any moment in time.
启用Swarm API并创建一个称为Raft共识数据库的东西,我们将在课程的稍后部分对此进行讨论,但是,您知道Raft是一种协议,实际上可以确保多个节点之间的一致性,因此非常适合在云中使用我们可以保证任何事物在任何时刻都可用。
It creates that database on disk it stores the configuration of the swarm and then. Assuming you're on version 113 or newer, then it'll wait for any other nodes before it starts actually replicating the database over to them, and again all of this traffic that it would be doing once we create other nodes is all going to be encrypted and one of the key components of swarm that differentiated it when it first came out was that we didn't need an additional key value storage system or some database architecture to be the back end configuration management of our swarm,
它在磁盘上创建该数据库,然后存储群集的配置。假设您使用的是113版或更高版本,则它将等待任何其他节点,然后才开始将数据库实际复制到它们上. 同样,当我们创建其他节点时将要处理的所有流量都将全部加密,而swarm最初出现时对其进行区分的关键组件之一,就是我们不需要额外的密钥值存储系统或某种数据库体系结构作为我们群的后端配置管理,
and if you've been around the industry foryears or decades, even there's this concept, typically at the config db, which is this separate database system that you usually need to make redundant that will store all the information about your orchestration and automation system, but swarm is actually built that straight into docker right into the daemon and handles it for us, so we never really need to do anything. There's no passwords to worry about. There's no special services to start up or anything like that.
如果您从事该行业已有数十年或数十年的经验,那么即使是在config db上也有这个概念,通常是需要独立的数据库系统,该数据库系统需要冗余以存储有关业务流程和自动化系统的所有信息,但是swarm实际上是直接构建在docker中并直接进入daemon 并为我们处理的,因此我们实际上不需要做任何事情。无需担心密码。没有启动任何特殊服务或类似的东西。
Ok so back to the command line you'll notice here that talks about if I want to add a worker to this warm I just really need to cut and paste this onto the other servers I would add now later we're actually going to build a multi node swarm but for now we're just going to keep this at a single node and let's take a look at a couple of the commands will get out of it
好了,回到命令行,您会在这里注意到,如果我想在此swarm中添加一个worker,我真的需要将其剪切并粘贴到其他服务器上,稍后再添加,我们实际上将进行构建一个多节点群集,但现在我们将其保留在单个节点上,让我们看一下其中的一些命令.
so first thing is we can do docker node ls and in this case we're just seeing the one manager note that we've created you'll notice is marked as leader and there can only be one leader at a time amongst all managersand again, since we only got one then, obviously it's the leader and we can look at help. See what other options we have here? And really, the nodes commands used for bringing your servers in and out of the swarm or promoting them from workers to managers or demonium from managers back down the workers,
这样第一件事就是我们可以做docker node ls,在这种情况下,我们会看到我们创建的一个manager ,你会注意到,它被标记为leader,在所有manager 中一次只能有一个leader再说一次,因为我们只有一个,很明显是leader,我们可以寻求help。看看我们在这里还有其他选择吗?实际上,nodes命令用于将服务器移入或移出群集,或将它们从workers提升到managers ,或从managers 升级到退役workers,
For now, let's focus on the exciting new docker service commitment. So again, service in a swarm replaces the docker run and I don't know for a fact, but I really think that this was centered around the idea that we didn't want to break existing docker run functionality, but docker run was always built from the ground up as a single host solution is a whole idea was to focus on local containers on the system that it's talking to me, whereas when we start talking about a cluster. We don't care so much about individual nodes. We don't actually probably name them. And we treat him like cattle. If you've ever heard of the pets versus cattle analogy, where they're just a number and we don't really individually go to each node and start up an individual container, we really just throw requirements at this warm in the form of services, and then it will orchestrate how it needs to lay all that out which knows they need to be, and we just know that it's got our back.
现在,让我们专注于令人兴奋的新docker service承诺。再说一次,大量docker service取代了docker run,我不知道事实原因,但是我真的认为,这是围绕我们不想破坏现有docker run功能的想法而来的,但docker run总是从头开始构建,作为一个单一的主机解决方案,整个想法是专注于与之对话的系统上的本地容器上,而当我们开始谈论集群时,我们不太关心单个节点。我们实际上可能没有命名它们。我们像对待牛一样对待他。如果您听说过宠物与牛的类比,它们只是一个数字,而我们并没有真正去每个节点并启动一个单独的容器,我们只是以service的形式向这个Swarm集群抛出需求,然后它将协调如何将需要知道的所有内容进行布局,而我们只是知道它得到了我们的支持。
You specified for it, so the goal of the orchestrator is to make these numbers match whatever that takes, but this again doesn't actually show us the real container. This is really just showing us a list of our services so we can drill down a little farther. Can we do a docker service ps and then we give it the name or the id of the service and that will actually show us the tax or containers for this service, and you'll see that it's similar to the docker container ls command, but it actually has now this node component because when you're dealing with multi server scenarios we might need to know which server is actually running on you'll notice that it actually gave it a name of an increment on the service name so we went back.
若您指定了它,所以编排器的目标是使这些数字匹配所需要的任何东西,但这并没有向我们展示真正的容器,这实际上只是向我们展示了我们的服务列表,这样我们就可以深入得更远一些。我们可以做一个docker service ps,然后我们给它service的名称或id,这实际上会显示这个服务的tax或容器,并且您会看到它类似于docker container ls命令,但是实际上它现在具有此节点组件,因为在处理多服务器方案时,我们可能需要知道实际在哪个服务器上运行,您会注意到它实际上给它提供了服务名称的增量名称,所以我们返回了。
To the docker container ls command that still works, but in this case the orchestration of swarm is actually adding some information. To the names and to the actual images that are running. More covers little differences later as well. For now, it's actually take that service and let's scale it up. For that, use the docker service update and then the name of our service or the id. In this case, I'll do the id. And I want to change an attribute about the surface, and in this case I want to change the number of replicas. And so if we do a docker service ls again, we now see three of three if we do a doctor service ps. We actually now see three tasks and you'll notice that two were just created seconds ago now if we were fast enough and if we were deployed something big enough, we could actually run the service ls and actually see it show us zero of three one of three it'll actually increment as things start up. It just so happens that alpine was already on this machine in terms of its image and it didn't take very long to start up a Ping command, so we just couldn't be that fast.
对于docker container ls命令仍然有效的,但是在这种情况下,swarm的编排实际上是添加了一些信息到名称和正在运行的实际映像。更多内容也涵盖了以后的微小差异。现在,实际上是要使用该服务,然后让我们扩大规模。为此,请使用docker service update,然后使用我们的服务名称或ID。在本例中,我将执行id。我想改变一个关于replicated的属性,在这种情况下,我想改变复制的数量。因此,如果我们再做一个docker service ls,我们现在看到3/3,如果我们做一个docker service ps。我们现在实际上看到了三个任务,你会注意到,两个任务是在几秒钟前创建的,如果我们足够快,如果我们部署了足够大的东西,我们实际上可以运行服务ls,实际上看到它向我们显示三个中的零,当事情开始时,它实际上会增加。碰巧,就它的图像而言,alpine已经在这台机器上了,它没有花很长时间就启动了一个ping命令,所以我们不能那么快。
Now it's interesting about that update command, is it you can imagine the difference between the docker run command that you might use on a single dev or test server on your local machine and the production concerns of always keeping something available as much as possible, and that's one of the design goals it's warm. Command that we actually haven't used yet is the docker update command, and that was a command for the docker run containers that allowed us to update certain variables on a running container without having to kill it and restart it, and almost all of those options are related to limiting and controlling resource usage for that container because that's one of the typical things that you see when you're running a long term application is that you need to change its resources, maybe because the databases have gotten bigger and need more ram. Maybe you have a out of control process that's eating up too much CPU, and you need to limit it, but if we do a help on the docker. Service update command. You'll see that we have a lot more options because the goal of a swarm service is that is able to replace containers and update changes in the service
现在关于update命令很有趣,你能想象在本地机器上的单个dev或test服务器上使用的docker run命令和总是保持尽可能多的可用性这是设计目标之一。我们实际上还没有使用的命令是docker update命令,这是docker run容器的命令,它允许我们更新正在运行的容器上的某些变量,而不必杀死它并重新启动它,几乎所有这些选项都与限制和控制该容器的资源使用有关,因为当您运行一个长期应用程序时,您会看到一个典型的事情,那就是您需要更改它的资源,也许是因为数据库已经变得更大,需要更多的ram。也许您有一个失控的进程,消耗了太多的cpu,您需要限制它.但是如果我们在Docker Service update命令帮助的话,您会看到我们有更多选择,因为大量服务的目标是能够替换容器并更新服务中的更改
Ok, so back to our docker. Container list real quick. You notice that we have these three now, and what if I went in and sort of as a rogue, did a docker container rm in a specified one of these containers? I forced it. Super say I'd be the first one. You just take it out. Alright, now I do a docker service less. You see how it shows two of three, so because I went in behind the back will swarm and I actually took away at converting container, it's gonna identify that is going to launch a new one within seconds to replace the one that went down, and so if I did a docker Service ps on frosty you'll see that it actually shows the history of the first task here in the list as it had one failed and it started a new one 24 seconds and this is one of the responsibilities of the container orchestration system is to make sure that the services you specified are always running and if they fail, it recovers from that failure, which is way that different that docker run.
好吧,回到我们的docker 容器列表, 你注意到我们现在有这三个容器,如果我进去,作为一个盗贼,删除其中一个指定的容器?我强迫的。我们选择第一个,把它拿出来。好了,现在我做一个docker service ls,你看它是显示三个中的两个,所以因为我从后面进去,swarm如约而至,我实际上拿走了容器,它将确定在几秒钟内推出一个新的,以取代倒下的,所以如果我做了一个docker service ps,你会看到的,在列表中显示第一个任务的历史,因为它有一个失败,它在24秒内启动了一个新的任务,容器编排系统的职责之一是确保您指定的服务始终在运行,如果它们失败,它从失败中恢复过来。这是与docker run的不同
And it's a big difference. It's settling the command line, but it's a big difference because it means that there is a rollback possibilities. There's failure mitigation and a lot of intelligence built into them. So in this case, if I actually want to remove all these containers, I'd have to remove the service docker service Orem and then the frosty. Service ls see nothing if we do a docker container. Ls we see three containers? He. And there we go that shows right there the automation happening on the back end, we were able to quickly show that we deleted the service, but the orchestration system hadn't gone through all of its processes of cleaning up the service and a task behind it. His concepts should be pretty easy to understand because they're just really expanding on the docker run concepts that we've had earlier in this course, so next let's actually build a multi node swarm and start scaling our containers out.
这是一个很大的区别。它解决了命令行问题,但是有很大的不同,因为这意味着存在回滚的可能性。有减轻故障的能力,并且内置了许多智能。因此,在这种情况下,如果我实际上要删除所有这些容器,则必须docker service rm删除服务。如果我们执行docker service ls看不到任何东西。我们看到三个容器了吗?接下来,我们展示了在后端发生的自动化,我们能够快速地显示我们删除了服务,但是编排系统并没有经历清理服务的所有过程和它后面的任务。他的概念应该很容易理解,因为它们实际上扩展了我们在本课程前面已经有的docker run概念,所以接下来让我们实际构建一个多节点群,并开始扩展我们的容器。
扫一扫
4011
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
