「深度学习福利」大神带你进阶工程师，立即查看>>>
配置 Docker Swarm 配置信息 配置：4核心 4GB内存 系统：CentOS-7.6 1810 Minimal 注意：开始安装前确保系统时间正常 注意： 1.所有命令只需要在部署节点(192.168.2.71)执行 角色信息： harbor: 192.168.2.75 manager: 192.168.2.71 192.168.2.72 worker: 192.168.2.73 192.168.2.74 配置变量 # 替换变量值为实际IP地址 注意主机名与IP个数对应 以空格分隔 HARBOR=192.168.0.75 SERVER_NAME=(node01 node02 node03 node04 node05) SERVER_IP=(192.168.0.71 192.168.0.72 192.168.0.73 192.168.0.74 192.168.0.75) 设置本地Host解析 # 清理 hosts(只保留2行 新增 swarm 集群主机hosts解析) sed -i '3,$d' /etc/hosts echo -e "\n# swarm cluster" >> /etc/hosts let SER_LEN=${#SERVER_IP[@]}-1 for ((i=0;i<=$SER_LEN;i++)); do echo "${SERVER_IP[i]} ${SERVER_NAME[i]}" >> /etc/hosts done 配置ssh秘钥登录 # 替换 list 中的IP为实际IP 替换 SSH_RROT_PASSWD 值为 root SSH 密码 SSH_RROT_PASSWD=redhat curl -sSL -o ssh-key-copy.sh https://dwz.cn/S0NQWllm chmod +x ssh-key-copy.sh && ./ssh-key-copy.sh "$(echo ${SERVER_IP[@]})" root $SSH_RROT_PASSWD # 同步hosts文件 for node in ${SERVER_IP[@]}; do scp /etc/hosts $node:/etc/hosts done 设置主机名 for node in ${SERVER_IP[@]}; do ssh -T $node <<'EOF' HOST_IF=$(ip route|grep default|cut -d ' ' -f5) HOST_IP=$(ip a|grep "$HOST_IF$"|awk '{print $2}'|cut -d'/' -f1) hostnamectl set-hostname $(grep $HOST_IP /etc/hosts | awk '{print $2}') EOF done 优化参数 for node in ${SERVER_IP[@]}; do ssh -T $node <<'EOF' # 优化ssh连接速度 sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config sed -i "s/GSSAPIAuthentication .*/GSSAPIAuthentication no/" /etc/ssh/sshd_config systemctl restart sshd # 配置yum源 rm -f /etc/yum.repos.d/*.repo curl -so /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo curl -so /etc/yum.repos.d/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo sed -i '/aliyuncs.com/d' /etc/yum.repos.d/Centos-7.repo /etc/yum.repos.d/epel-7.repo # 防火墙 firewall-cmd --set-default-zone=trusted firewall-cmd --complete-reload iptables -P INPUT ACCEPT iptables -F iptables -X iptables -F -t nat iptables -X -t nat iptables -F -t raw iptables -X -t raw iptables -F -t mangle iptables -X -t mangle # 内核参数 echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf modprobe br_netfilter sysctl -p -w /etc/sysctl.conf # stop selinux setenforce 0 sed -i 's#SELINUX=.*#SELINUX=disabled#' /etc/selinux/config EOF done 安装 Docker # 定义变量 SOURCE_DIR=/home DOCKER_VER=18.09.8 DOCKER_DATA=/var/lib/docker DOCKER_HOME=/usr/local/docker INSECURE=$HARBOR MIRROR=http://3272dd08.m.daocloud.io # 下载二进制包 DOCKER_URL="https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-${DOCKER_VER}.tgz" mkdir -p $SOURCE_DIR $DOCKER_HOME/bin && cd $SOURCE_DIR curl -C- -O --retry 3 "$DOCKER_URL" --progress # 解压 tar zxf $SOURCE_DIR/docker-${DOCKER_VER}.tgz -C $DOCKER_HOME/bin --strip-components 1 ln -sf $DOCKER_HOME/bin/docker /bin/docker # 创建 docker 服务管理脚本 cat > /etc/systemd/system/docker.service <<-EOF [Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.io [Service] Environment="PATH=$DOCKER_HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin" ExecStart=$DOCKER_HOME/bin/dockerd ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT ExecReload=/bin/kill -s HUP \$MAINPID Restart=on-failure RestartSec=5 LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity Delegate=yes KillMode=process [Install] WantedBy=multi-user.target EOF # 创建docker配置文件 mkdir -p $DOCKER_DATA /etc/docker cat > /etc/docker/daemon.json <<-EOF { "registry-mirrors": ["$MIRROR"], "insecure-registries": ["$INSECURE"], "max-concurrent-downloads": 10, "log-driver": "json-file", "log-level": "warn", "log-opts": { "max-size": "10m", "max-file": "3" }, "data-root": "/var/lib/docker" } EOF # 启动服务 systemctl enable docker systemctl daemon-reload systemctl restart docker # 验证 docker info && docker --version 命令补全 curl -sSL https://dwz.cn/ivKazMlX -o /etc/bash_completion.d/docker curl -sSL https://dwz.cn/SV7woGp8 -o /usr/share/bash-completion/bash_completion echo -e "\nsource /usr/share/bash-completion/bash_completion" >> ~/.bashrc 同步 Docker 到其他节点 for node in node0{2..5}; do echo "-------------------- $node --------------------" scp -r ${DOCKER_HOME} ${node}:${DOCKER_HOME} ssh ${node} 'mkdir -p /etc/docker' scp /etc/docker/daemon.json ${node}:/etc/docker/daemon.json scp /etc/systemd/system/docker.service ${node}:/etc/systemd/system/docker.service ssh ${node} 'systemctl enable docker' ssh ${node} 'systemctl daemon-reload' ssh ${node} 'systemctl restart docker' ssh ${node} "ln -sf $DOCKER_HOME/bin/docker /bin/docker" scp /etc/bash_completion.d/docker ${node}:/etc/bash_completion.d/docker scp /usr/share/bash-completion/bash_completion ${node}:/usr/share/bash-completion/bash_completion scp ~/.bashrc ${node}:~/.bashrc done 防火墙(swarm 集群通信)（貌似可以忽略） for node in node0{1..5}; do ssh -T ${node} <<EOF # firewalld firewall-cmd --zone=public --add-port=2377/tcp --permanent firewall-cmd --reload firewall-cmd --zone=public --query-port=2377/tcp firewall-cmd --zone=public --list-ports EOF done 创建SWARM 集群 docker swarm init --advertise-addr $(awk '/node01/{print $1}' /etc/hosts) worker_cmd=$(docker swarm join-token worker | grep 'token') manager_cmd=$(docker swarm join-token manager | grep 'token') # 加入 manager 节点 ssh node02 "$manager_cmd" # 加入 worker 节点 ssh node03 "$worker_cmd" ssh node04 "$worker_cmd" # 提升为 manager 节点 docker node promote node02 # 降级为 worker 节点 docker node demote node02 # 删除 swarm 节点 docker swarm leave --force # node docker node rm -f <node> # manager # docker swarm 常用命令 docker swarm init # 初始化集群 docker swarm join-token worker # 查看工作节点的 token docker swarm join-token manager # 查看管理节点的 token docker swarm join # 加入集群中 #docker node 常用命令 docker node ls # 查看所有集群节点 docker node rm # 删除某个节点（-f强制删除） docker node inspect # 查看节点详情 docker node demote # 节点降级，由管理节点降级为工作节点 docker node promote # 节点升级，由工作节点升级为管理节点 docker node update # 更新节点 docker node ps # 查看节点中的 Task 任务 # docker service 常用命令 docker service create # 部署服务 docker service inspect # 查看服务详情 docker service logs # 产看某个服务日志 docker service ls # 查看所有服务详情 docker service rm # 删除某个服务（-f强制删除） docker service scale # 设置某个服务个数 docker service update # 更新某个服务 # docker stack 常用命令 docker stack deploy # 部署新的堆栈或更新现有堆栈 docker stack ls # 列出现有堆栈 docker stack ps # 列出堆栈中的任务 docker stack rm # 删除堆栈 docker stack services # 列出堆栈中的服务 docker stack down # 移除某个堆栈（不删数据） # 活动的主节点Down 在另一个主节点执行 docker swarm init --force-new-cluster # 将分配了任务的工作节点 node03 下线： docker node update --availability drain node03 # 再次将被下线的节点重置为活动状态 docker node update --availability active node03 GUI管理界面 curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml docker stack deploy -c portainer-agent-stack.yml portainer https://docs.docker.com/engine/reference/commandline/stack_services/