Here we will store the configuration of our experimental Docker Swarm Architecture.
It also defines the image for Doppler Swarm Proxy with the required configuration.
IMPORTANT: the folder swarm-stack is very useful to test locally, but its contents could be not up-to-date.
See the production content in the repo doppler-swarm-devops.
Draft:
Probably, we will sign most of the requests in doppler-swarm-proxy, so doppler-for_shopify and doppler-webapp are only exposing non-encrypted ports.
But, doppler-forms has to deal with different and non-static keys, for that reason it is also exposing a encrypted port.
Install Docker in all nodes, configure the users and initialize it.
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
sudo groupadd docker
sudo usermod -aG docker ${user}
newgrp docker
sudo systemctl enable docker
sudo systemctl stop docker
sudo systemctl start dockerSee also:
Initialize the swarm with the first node as manager (by the moment 1042791-rabbitmq / 172.25.48.222).
$ docker swarm init --advertise-addr 172.25.48.222
Swarm initialized: current node (9zap4vc1suo3bxsr4ohwm1wpi) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-3ytm******************************************9u3b-eh8h*****************4zfn 172.25.48.222:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.See also:
It is recommended having odd number of managers. If it is not possible having three, having one is better than two, because if you have 2 and one of them goes down, the other one does not know that.
Get the join information from one of the existent swarm nodes (in our example 1042791-rabbitmq / 172.25.48.222).
$ docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-3ytm******************************************9u3b-a6ii*****************itve 172.25.48.222:2377Run the generated command line in the new node (in our example 1022851-mta.cloudspace / 172.24.16.221).
docker swarm join --token SWMTKN-1-3ytm******************************************9u3b-a6ii*****************itve 172.25.48.222:2377See also:
Get the join information from one of the existent swarm nodes (in our example 1042791-rabbitmq / 172.25.48.222).
$ docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-3ytm******************************************9u3b-eh8h*****************4zfn 172.25.48.222:2377Run the generated command line in the new node.
docker swarm join --token SWMTKN-1-3ytm******************************************9u3b-eh8h*****************4zfn 172.25.48.222:2377See also:
If you have only two managers and leave the swarm, the other one will not work alone without an explicit command.
docker swarm leaveIf I am not wrong, login is only required in one node.
To download images we are using the user dnoyareader.
TODO: We should learn about credential helpers.
$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If you dont have a Docker ID, head over to https://hub.docker.com to create one.
Username: dnoyareader
Password:
WARNING! Your password will be stored unencrypted in /home/user1/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login SucceededWe need to prepare a server with the files required by docker stack deploy.
In one of the swarm managers node run the following code (by the moment 1042791-rabbitmq / 172.25.48.222).
sudo mkdir /doppler-swarm
sudo chgrp docker /doppler-swarm -R
sudo chmod g+ws doppler-swarm
cd /doppler-swarm
wget https://raw.githubusercontent.com/FromDoppler/doppler-swarm/master/swarm-stack/docker-compose.yml
# TODO: determine how to also download secrets and other files
# See files in: https://github.com/FromDoppler/doppler-swarm/tree/master/swarm-stack
$ docker stack deploy -c docker-compose.yml --with-registry-auth doppler-swarm
Creating network doppler-swarm_sites
Creating service doppler-swarm_doppler-webapp
Creating service doppler-swarm_doppler-docker-playground
Creating service doppler-swarm_doppler-forms
Creating service doppler-swarm_sites-proxydocker stack rm doppler-swarmAccess into running container to inspect with bash commands inside.
docker exec -it doppler-swarm_sites-proxy.1.p5bffwi5c0nyy8hibr0j7z81u /bin/bashYou could use this to access into a failing image to run bash commands inside to see what happened, get a detailed log.
docker run --rm -it --entrypoint=/bin/sh fromdoppler/doppler-forms:beta# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/add-nodes/
# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/inspect-service/
# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/scale-service/
# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/delete-service/
# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/delete-service/
# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/
# Skipping https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/
# Skipping https://docs.docker.com/engine/swarm/ingress/
docker login -u dnoyareader -p c56***d80
docker service create --name test-forms --publish published=80,target=80 --replicas 2 --with-registry-auth fromdoppler/doppler-forms:beta
# 2019-10-31
# In my local machine
$ docker swarm init
Swarm initialized: current node (x09r0qcwdx7q636822qmudg6r) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-1g2k7tvyy92zj4ou717c0xbn2tvi9wvs90d2v4badglpj9ezk7-exunjfpyed48qbf6mr694xkbg 192.168.65.3:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
# Update the image of the containers
$ docker service update --image fromdoppler/doppler-docker-playground:beta doppler-docker-playground
overall progress: 2 out of 2 tasks
1/2: running [==================================================>]
2/2: running [==================================================>]
verify: Service converged
# Enough manual micro-experiments, it continues in `update-local.sh`