免責聲明

Disclaimer (免責聲明)
繼續閱覽代表您接受以上的免責聲明.
To continue reading means you accept the above disclaimer.

2015年3月23日 星期一

docker swarm, node, client or host ?


https://blog.docker.com/2015/02/scaling-docker-with-swarm/
http://devopscube.com/docker-tutorial-getting-started-with-docker-swarm/
http://www.blackfinsecurity.com/getting-started-with-docker-swarm/
http://www.blackfinsecurity.com/docker-swarm-with-tls-authentication/


node === swarm node === docker node within the swarm cluster
swarm client
swarm host
swarm manager

docker client

[Q] how to rm a swarm cluster?
[Q] how to rm a node from swarm?
[Q] On which machine to run swarm join ?




//=== after install swarm by "$ go get -u github.com/docker/swarm"
the 1st terminal
$ swarm create
$ swarm join token:// --addr=54.69.237.148:2375
$ swarm list token://

the 2nd terminal
$ swarm -debug manage --host=swarm-host-ip:swarm-port token://e508ff1181be1e69670d45dd7807a1a2

the 3rd terminal
$ docker -H tcp://swarm-host-ip:swarm-port ps
$ docker -H tcp://swarm-host-ip:swarm-port images
$ docker -H tcp://swarm-host-ip:swarm-port info
$ docker -H tcp://swarm-host-ip:swarm-port run -it --rm ubuntu:latest bash

-->
*** Error response from daemon: No healthy node available in the cluster
*** watch the 2nd terminal(swarm manage) for communication logs between swarm manager and docker nodes


//=== use swarm image from dockerhub, ubuntu14
$ sudo apt-get install docker.io
$ docker pull swarm
$ docker run --rm swarm create
f1c5f2641e8f0346d4dab863415568c4

$

//===
ERRO[0217] Get http://node-ip:2375/v1.15/info: dial tcp node-ip:2375: i/o timeout. Are you trying to connect to a TLS-enabled daemon without TLS?

ERRO[0242] Get http://node-ip:2375/v1.15/info: dial tcp node-ip:2375: i/o timeout. Are you trying to connect to a TLS-enabled daemon without TLS?


-->
https://docs.docker.com/swarm/

TLS
Swarm supports TLS authentication between the CLI and Swarm but also between Swarm and the Docker nodes. However, all the Docker daemon certificates and client certificates must be signed using the same CA-certificate.

In order to enable TLS for both client and server, the same command line options as Docker can be specified:

swarm manage --tlsverify --tlscacert= --tlscert= --tlskey= [...]

Please refer to the Docker documentation for more information on how to set up TLS authentication on Docker and generating the certificates.

Note: Swarm certificates must be generated withextendedKeyUsage = clientAuth,serverAuth.
張貼者:
標籤: , , , ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)