Introduction to the use of Docker Swarm

English version | Version Française

This practical work session will be evaluated automatically. Note your answers to the questions on a sheet of paper that you will bring with you to the final exam.

For this tutorial you have to create 3 virtual machines (VMs) per group, but the project only allows the creation of a limited number of machines. It is therefore very important to work in pairs and to delete the machines that are no longer in use.

Finally, you will have to enter the IP address of the Manager node in Tomuss in the IP_Manager_TP_Swarm field.

Introduction

The objective of this practical work session is to get familiar with the clustering solution proposed by Docker named Swarm. There are alternative solutions that we will not explore today (e.g. Kubernetes).

We will rely on the [Lyon 1 OpenStack] infrastructure (https://cloud-info.univ-lyon1.fr/horizon). To get information on how to connect: https://documentation.univ-lyon1.fr/. In the project M2DISS project we will first deploy 3 small virtual machines (m1.tiny is sufficient). One will be used as Manager, and the other two as Worker.

Attention: For this tutorial we have prepared an image with a pre-installed and pre-configured Docker running at the university. You must create your instances from the image named Ubuntu 22.04.3 LTS - Docker Ready.

• Enter the IP address of the Manager node on Tomuss (step to be done by everyone).
• Add the teacher's public key with the following command on the node Manager.

echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4fp5+2v2t5LjEckY6V3lNPPf8qIXEsZIVZvL0bnqY+f+zyPHhdyMS/r5qH8lpeB8CHjKwQRp3ttF1zZ5v7A4cel/2uXccun/gwf96s5Kpm5j8KzKwQbkigb/5Q69GC4pNA0b6u7QQ3kXTghaSFkuVlmqueoaw9sO9udYRXSVk9FX48F8OxkkwYMlUIacAU69udhvrpcUGBDn+t2Q696OUGl/4CZtHP4me3otOCFp6v3dGbY0ccu5at1aRaOmLH0XTtxRNSny3d1vpsgguAIT/PJJAjeuGCAWApNvJIYiQi4z0f6MSsjaIPwWtBakkNWPMkxP5Gph3x6qkkzyHMsoD jp@h2g2" >> /home/ubuntu/.ssh/authorized_keys

Part I: Deploying Docker Swarm

The basic installation can be done in a very simple way. First on the VM that will host the manager:

docker swarm init --advertise-addr 192.168.XXX.YYY

• What does this command do? Explain/describe briefly. You can use the command docker swarm init --help to get information about the parameters.

Then on each worker nodes

docker swarm join --token thetokenreturnedbyswarminit 192.168.XXX.YYY:2377

• What does this command do? Explain/Succinctly describe.

Note: For each question you will find answers in the official Docker Swarm documentation.

• Swarm init
• Swarm join

NB: Once the cluster is installed, the command below will allow you to have a view of your deployed infrastructure (http://IP_OF_YOUR_VM:8080)

docker service create   --name=viz    --publish mode=host,target=8080,published=8080 \
            --mode=global   --constraint=node.role==manager \
                        --mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
                        dockersamples/visualizer

• What command can we use to list and verify the list of available workers?
• Let's say you want to add a new worker node and you have misplaced the token for your swarm cluster. Which command will allow you to recover it ?
• Is it possible to have several machines acting as managers (in the same way that several machines are workers). How do they work ?
• Take a worker out of the cluster and put it back in. What commands do you enter?

Part II: Using a Swarm cluster

Let's run three instances of nginx in our swarm cluster.

(manager)# docker service create --name web --publish 80:80 --replicas=3 nginx:latest

• Which command do we use to list all the created services?
• Which command is used to list all instances of the service?
• Which command can be used to obtain detailed information about a service?

How to extend a service

In order to have now five instances of our service

(manager)# docker service scale web=5

We can also reduce the number of services (scale down)

(manager)# docker service scale web=1

Note that to delete a service (don't do it here)

(manager)# docker service rm web

Automatically maintain the service

If we have defined a service with a given number of replicas, the Swarm manager is in charge of making sure to maintain this state. To ensure this:

• Instantiate three replicas of a service (see previous command);
• Connect to one of the workstations hosting one of these replicas and brutally destroy the docker (docker kill ...).
• What happens after a few seconds?
• Now stop the working machine (via the horizon interface). What happens?

Part III: Managing the nodes in the cluster

• We want to shut down a physical node (of the worker type) to perform a maintenance maintenance operation on it. What procedure will you follow (or what commands will you enter) to do this properly?
• Briefly explain the concept of promoting a worker node (promote/demote).

Part IV: Network overlay

Delete all the services used previously (except the vizualization service), you will restart a single one with a single replica:

docker service create --name nginx -p 80:80 --replicas 1 nginx

Next, find out which compute node the Docker is on. The Docker name is a little different from the service name.

docker logs -f nginx.x.yyyyyyyyyyy

With the previous command display the nginx docker logs. Then with your browser try to contact the web server on your 3 VMs (Manager and Workers).

• What do you notice?
• Which network is using the Docker (use the command docker inspect ...)
• Display the list of networks, what is the driver of this network ?

Create your overlay network

• Create a network ''172.21.21.0/24'' with the overlay driver with the name reseau. Add at the time of its creation the option attachable option. This option will allow you to create Dockers using network without being managed by swarm.
• Deploy on the network newly created 3 replicas of the nginx service on port 80 and whose name is 'web'. Observe the IP addressing.

Part V: Creating a private registry

You have seen in the previous exercises that the Swarm cluster can easily launch easily launch Dockers based on public images. But for the moment you can't do it with images built via a Dockerfile. To avoid this limitation, you have to install a private docker repository in which you place and upload the images you have generated. You can find the documentation here.

Be careful, the registry that you can easily use are local registries, that is to say that their address is localhost. Indeed, to authorize a remote registry, you have to manage SSL authentication certificates which is out of the scope of this tutorial. So you will create a single Docker registry that will respond to the address localhost:5000 on several virtual machines. This is only possible thanks to the Swarm cluster which will take care of the packet redirection for you.

• In the Swarm cluster, create a registry service with the name registry, from the image registry:2 and which shares port 5000 with all machines in the cluster.
• On which node is it instantiated?
• The registry is a storage node. If the scheduler decides to move it, all the images it contains will be deleted. To avoid this, delete the registry service and recreate it by imposing (constraint) that it must be instantiated on the Manager node.
• Test its response to the localhost address by connecting to a virtual machine that is not running the registry service.
  • To do this you can pull an official image (take the hello-world) and then tag it to localhost:5000/my-hello-world*.
  • Then push it to localhost and delete the two images (the one retrieved via the pull and the one tagged).
  • Finally, do a pull on localhost of the tagged image.

Exploring the registry

The registry seems a bit abstract because it doesn't allow you to easily to explore its content. But there are services specialized in this exploration that you can of course install as containers.

• Install a registry crawler service like this one https://store.docker.com/r/konradkleine/docker-registry-frontend via the command

docker service create -d --network reseau -e ENV_DOCKER_REGISTRY_HOST=registry
                       -e ENV_DOCKER_REGISTRY_PORT=5000 -p 8443:80 --name regbrowser
                       konradkleine/docker-registry-frontend:v2

Check out the http:IP_OF_YOUR_VM:8443 page and explore the contents of the registry.