Docker Swarm Install Ubuntu

2/12/2022 by admin

Notice that docker-ce is not installed, but the candidate for installation is from the Docker repository for Ubuntu 18.04 (bionic). Finally, install Docker: sudo apt install docker-ce. Docker should now be installed, the daemon started, and the process enabled to start on boot. This post describes the installation of Docker swarm using Ubuntu 18.04 server virtual machines running on top of VMware vSphere. After the installation and spinning up some container for ESXi, Ubuntu Linux and Docker Swarm. This step is the preparation for a future post that covers monitoring of Docker Swarm and all components. In this guide we will go through the steps on setting up a 3 node Docker Swarm. For more detailed information, and setting up a scalable application, have a look at this post. Getting Started: Bootstrap Docker Swarm Setup with Docker Compose on Ubuntu 16.04: Installing Docker: Run the following on all 3 Nodes as the root user. In this article, we will go through the step-by-step instructions on configuring two nodes in a Docker Swarm cluster. The master node is on Ubuntu 16, and the worker node is on CentOS 7. Prerequisites to install Docker Swarm. Two VPSs: one running Ubuntu 16.04 and one running CentOS 7. A non-root, sudo-enabled user.

Introduction

In my previous blog, I talked about the differences between containers and traditional virtual machines. Docker’s technology is unique because it focuses on the requirements of developers and systems operators to separate application dependencies from infrastructure.

Success in the Linux world also drove a partnership with Microsoft that brought Docker containers and its functionality to Windows Server (sometimes referred to as Docker Windows containers). In this article, I first talk briefly about Docker components and tools and then share installation steps. But you can use this link if you would like to skip to the installation steps.

Docker Components and Tools


Docker can package an application and its dependencies in a virtual container that can run on any Linux, Windows, or macOS computer. This enables the application to run in a variety of locations, such as on-premises, in a public cloud, and/or in a private cloud. When running on Linux, Docker uses the resource isolation features of the Linux kernel (such as cgroups and kernel namespaces) and a union-capable file system (such as OverlayFS) to allow containers to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines. Docker on macOS uses a Linux virtual machine to run the containers.

Components

The Docker software as a service offering consists of three components:

  • Software: The Docker daemon, called dockerd, is a persistent process that manages Docker containers and handles container objects. The daemon listens for requests sent via the Docker Engine API. The Docker client program, called docker, provides a command-line interface, CLI, that allows users to interact with Docker daemons.
  • Objects: Docker objects are various entities used to assemble an application in Docker. The main classes of Docker objects are images, containers, and services.
    • A Docker container is a standardized, encapsulated environment that runs applications. A container is managed using the Docker API or CLI.
    • A Docker image is a read-only template used to build containers. Images are used to store and ship applications.
    • A Docker service allows containers to be scaled across multiple Docker daemons. The result is known as a swarm, a set of cooperating daemons that communicate through the Docker API.
  • Registries: A Docker registry is a repository for Docker images. Docker clients connect to registries to download (“pull”) images for use or upload (“push”) images that they have built. Registries can be public or private. Two main public registries are Docker Hub and Docker Cloud. Docker Hub is the default registry where Docker looks for images. Docker registries also allow the creation of notifications based on events. In this blog I explain how you can set up your secure private Docker registry with UI.

Tools

  • Docker Compose is a tool for defining and running multi-container Docker applications. It uses YAML files to configure the application’s services and performs the creation and start-up process of all the containers with a single command. The docker-compose CLI utility allows users to run commands on multiple containers at once, for example, building images, scaling containers, running containers that were stopped, and more. Commands related to image manipulation, or user-interactive options, are not relevant in Docker Compose because they address one container. The docker-compose.yml file is used to define an application’s services and includes various configuration options. For example, the build option defines configuration options such as the Dockerfile path, the command option allows one to override default Docker commands, and more.
  • Docker Swarm provides native clustering functionality for Docker containers, which turns a group of Docker engines into a single virtual Docker engine. In Docker 1.12 and higher, Swarm mode is integrated with Docker Engine. The docker swarm CLI utility allows users to run Swarm containers, create discovery tokens, list nodes in the cluster, and more. The docker node CLI utility allows users to run various commands to manage nodes in a swarm, for example, listing the nodes in a swarm, updating nodes, and removing nodes from the swarm. Docker manages swarms using the Raft consensus algorithm. According to Raft, for an update to be performed, the majority of Swarm nodes need to agree on the update.
  • Docker Volume: If you copy or create a file in a container, when you stop that container that file (and any other files created or copied) will be deleted. Docker Volume is a solution for this issue. Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.

Script to install docker and docker-compose on Ubuntu

The script below adds all the required repositories and installs the dependencies as well. You can paste and run it as is to set up docker and docker-compose.

Docker Engine - Community supports the following Ubuntu versions:

It seems that docker cannot run inside WSL. What they propose is to connect the WSL to your docker desktop running in windows: Setting Up Docker for Windows and WSL. In the docker forums they also refer to that solution: Cannot connect to the docker daemon. Hope that helps.

  • Xenial 16.04 (LTS)
  • Bionic 18.04 (LTS)
  • Cosmic 18.10
  • Disco 19.04
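  • Other newer versions…

Docker Engine - Community is supported on the x86_64 (or amd64), armhf, arm64, s390x (IBM Z), and ppc64le (IBM Power) architectures.

Automatic installation using the official install script

The install command is as follows:

You can also use the daocloud one-click install command, which is hosted in China:

Manual installation

Uninstall old versions

Older versions of Docker were called docker, docker.io, or docker-engine. If these are installed, uninstall them:

The package is now called docker-ce (Docker Engine - Community).

To install Docker Engine - Community, use one of the two methods described below.

Install using the Docker repository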


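Before you install Docker Engine - Community for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.

Set up the repository

Update the apt package index.

Install the apt dependency packages that allow apt to fetch from a repository over HTTPS: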

$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

Add Docker's official GPG key:

Verify that you now have the key with the fingerprint 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 by searching for the last 8 characters of the fingerprint.


$ sudo apt-key fingerprint 0EBFCD88
pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2017-02-22 [S]
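
An added example (not part of the original page): the last 8 characters are only a lookup handle, and a different key can share them, so this shell function compares the full 40-digit fingerprint from a key listing against the value given above. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the FULL fingerprint, not only the 8-character ID.

# Fingerprint of the Docker release key as printed on this page.
EXPECTED_FPR="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

# normalize_fpr STRING: drop all whitespace and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# key_matches EXPECTED: read key-listing text on stdin.
# Returns 0 if some line is exactly the expected 40-hex-digit fingerprint,
# 1 if no line matches, 2 if EXPECTED is not a 40-digit hex string
# (for example when only the short ID was supplied).
key_matches() {
    want=$(normalize_fpr "$1")
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        [ "$(normalize_fpr "$line")" = "$want" ] && return 0
    done
    return 1
}

# Constructed sample: the listing shown above.
sample_genuine() {
    cat <<'EOF'
pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2017-02-22 [S]
EOF
}

# Constructed sample: a made-up key that shares only the last 8 hex digits.
sample_lookalike() {
    cat <<'EOF'
pub   rsa4096 2017-02-22 [SCEA]
      1111 2222 3333 4444 5555 6666 7777 8888 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
EOF
}

if sample_genuine | key_matches "$EXPECTED_FPR"; then
    echo "genuine listing: full fingerprint matches"
fi
if ! sample_lookalike | key_matches "$EXPECTED_FPR"; then
    echo "lookalike listing: rejected (short ID matches, fingerprint does not)"
fi
```

On a real host the listing would come from the command above, piped into key_matches "$EXPECTED_FPR".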

Use the following command to set up the stable repository:

$ sudo add-apt-repository \
    "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/ \
    $(lsb_release -cs) \
    stable"

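Install Docker Engine - Community

Update the apt package index.

Install the latest version of Docker Engine - Community and containerd, or go to the next step to install a specific version:

To install a specific version of Docker Engine - Community, list the available versions in the repository, then select and install one. List the versions available in your repository: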

$ apt-cache madison docker-ce
docker-ce 5:18.09.1~3-0~ubuntu-xenial https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu xenial/stable amd64 Packages
docker-ce 5:18.09.0~3-0~ubuntu-xenial https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu xenial/stable amd64 Packages
docker-ce 18.06.1~ce~3-0~ubuntu https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu xenial/stable amd64 Packages
docker-ce 18.06.0~ce~3-0~ubuntu https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu xenial/stable amd64 Packages
...

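Install a specific version using the version string from the second column, for example 5:18.09.1~3-0~ubuntu-xenial.

To test whether Docker was installed successfully, enter the following command; if it prints the following output, the installation succeeded: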

$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:c3b4ada4687bbaa170745b3e4dd8ac3f194ca95b2d0518b417fb47e5879d9b5f
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the 'hello-world' image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/

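Install using the shell script

Docker provides convenience scripts at get.docker.com and test.docker.com for quickly installing edge and testing versions of Docker Engine - Community. The source code for the scripts is in the docker-install repository. Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them:

  • The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them.

  • The scripts attempt to detect your Linux distribution and version and configure your package management system for you. In addition, the scripts do not allow you to customize any installation parameters. This may lead to an unsupported configuration, either from Docker's point of view or from the point of view of your own organization's guidelines and standards.

  • The scripts install all dependencies and recommendations of the package manager without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.

  • The script does not provide options to specify which version of Docker to install, and instead installs the latest version released in the edge channel.

  • Do not use the convenience script if Docker has already been installed on the host machine using another mechanism.

This example uses the script at get.docker.com to install the latest release of Docker Engine - Community on Linux. To install the latest testing version, use test.docker.com instead. In each of the commands below, replace each occurrence of get with test.

If you would like to use Docker as a non-root user, you should consider adding your user to the docker group with something like: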


This page contains information about hosting your own registry using the open source Docker Registry. For information about Docker Hub, which offers a hosted registry with additional features such as teams, organizations, webhooks, automated builds, etc, see Docker Hub.


Before you can deploy a registry, you need to install Docker on the host. A registry is an instance of the registry image, and runs within Docker.


This topic provides basic information about deploying and configuring a registry. For an exhaustive list of configuration options, see the configuration reference.

If you have an air-gapped datacenter, see Considerations for air-gapped registries.

Run a local registry

Use a command like the following to start the registry container:

The registry is now ready to use.

Warning: These first few examples show registry configurations that are only appropriate for testing. A production-ready registry must be protected by TLS and should ideally use an access-control mechanism. Keep reading and then continue to the configuration guide to deploy a production-ready registry.

Copy an image from Docker Hub to your registry

You can pull an image from Docker Hub and push it to your registry. The following example pulls the ubuntu:16.04 image from Docker Hub and re-tags it as my-ubuntu, then pushes it to the local registry. Finally, the ubuntu:16.04 and my-ubuntu images are deleted locally and the my-ubuntu image is pulled from the local registry.

  1. Pull the ubuntu:16.04 image from Docker Hub.

  2. Tag the image as localhost:5000/my-ubuntu. This creates an additional tag for the existing image. When the first part of the tag is a hostname and port, Docker interprets this as the location of a registry, when pushing.

  3. Push the image to the local registry running at localhost:5000:

  4. Remove the locally-cached ubuntu:16.04 and localhost:5000/my-ubuntu images, so that you can test pulling the image from your registry. This does not remove the localhost:5000/my-ubuntu image from your registry.

  5. Pull the localhost:5000/my-ubuntu image from your local registry.

Stop a local registry


To stop the registry, use the same docker container stop command as with any other container.

To remove the container, use docker container rm.

Basic configuration

To configure the container, you can pass additional or modified options to the docker run command.

The following sections provide basic guidelines for configuring your registry. For more details, see the registry configuration reference.

Start the registry automatically

If you want to use the registry as part of your permanent infrastructure, you should set it to restart automatically when Docker restarts or if it exits. This example uses the --restart always flag to set a restart policy for the registry.


Customize the published port

If you are already using port 5000, or you want to run multiple local registries to separate areas of concern, you can customize the registry’s port settings. This example runs the registry on port 5001 and also names it registry-test. Remember, the first part of the -p value is the host port and the second part is the port within the container. Within the container, the registry listens on port 5000 by default.

If you want to change the port the registry listens on within the container, you can use the environment variable REGISTRY_HTTP_ADDR to change it. This command causes the registry to listen on port 5001 within the container:

Storage customization

Customize the storage location

By default, your registry data is persisted as a docker volume on the host filesystem. If you want to store your registry contents at a specific location on your host filesystem, such as if you have an SSD or SAN mounted into a particular directory, you might decide to use a bind mount instead. A bind mount is more dependent on the filesystem layout of the Docker host, but more performant in many situations. The following example bind-mounts the host directory /mnt/registry into the registry container at /var/lib/registry/.

Customize the storage back-end

By default, the registry stores its data on the local filesystem, whether you use a bind mount or a volume. You can store the registry data in an Amazon S3 bucket, Google Cloud Platform, or on another storage back-end by using storage drivers. For more information, see storage configuration options.

Run an externally-accessible registry

Running a registry only accessible on localhost has limited usefulness. In order to make your registry accessible to external hosts, you must first secure it using TLS.

This example is extended in Run the registry as a service below.

Get a certificate

These examples assume the following:

  • Your registry URL is https://myregistry.domain.com/.
  • Your DNS, routing, and firewall settings allow access to the registry’s host on port 443.
  • You have already obtained a certificate from a certificate authority (CA).

If you have been issued an intermediate certificate instead, see use an intermediate certificate.

  1. Create a certs directory.

    Copy the .crt and .key files from the CA into the certs directory. The following steps assume that the files are named domain.crt and domain.key.

  2. Stop the registry if it is currently running.

  3. Restart the registry, directing it to use the TLS certificate. This command bind-mounts the certs/ directory into the container at /certs/, and sets environment variables that tell the container where to find the domain.crt and domain.key file. The registry runs on port 443, the default HTTPS port.

  4. Docker clients can now pull from and push to your registry using its external address. The following commands demonstrate this:

Use an intermediate certificate

A certificate issuer may supply you with an intermediate certificate. In this case, you must concatenate your certificate with the intermediate certificate to form a certificate bundle. You can do this using the cat command:

You can use the certificate bundle just as you use the domain.crt file in the previous example.

Support for Let’s Encrypt

The registry supports using Let’s Encrypt to automatically obtain a browser-trusted certificate. For more information on Let’s Encrypt, see https://letsencrypt.org/how-it-works/ and the relevant section of the registry configuration.

Use an insecure registry (testing only)

It is possible to use a self-signed certificate, or to use our registry insecurely. Unless you have set up verification for your self-signed certificate, this is for testing only. See run an insecure registry.

Run the registry as a service

Swarm services provide several advantages over standalone containers. They use a declarative model, which means that you define the desired state and Docker works to keep your service in that state. Services provide automatic load balancing, scaling, and the ability to control the distribution of your service, among other advantages. Services also allow you to store sensitive data such as TLS certificates in secrets.

The storage back-end you use determines whether you use a fully scaled service or a service with either only a single node or a node constraint.

  • If you use a distributed storage driver, such as Amazon S3, you can use a fully replicated service. Each worker can write to the storage back-end without causing write conflicts.

  • If you use a local bind mount or volume, each worker node writes to its own storage location, which means that each registry contains a different data set. You can solve this problem by using a single-replica service and a node constraint to ensure that only a single worker is writing to the bind mount.

The following example starts a registry as a single-replica service, which is accessible on any swarm node on port 80. It assumes you are using the same TLS certificates as in the previous examples.

First, save the TLS certificate and key as secrets:

Next, add a label to the node where you want to run the registry. To get the node’s name, use docker node ls. Substitute your node’s name for node1 below.

Next, create the service, granting it access to the two secrets and constraining it to only run on nodes with the label registry=true. Besides the constraint, you are also specifying that only a single replica should run at a time. The example bind-mounts /mnt/registry on the swarm node to /var/lib/registry/ within the container. Bind mounts rely on the pre-existing source directory, so be sure /mnt/registry exists on node1. You might need to create it before running the following docker service create command.

By default, secrets are mounted into a service at /run/secrets/<secret-name>.

You can access the service on port 443 of any swarm node. Docker sends the requests to the node which is running the service.

Load balancing considerations

One may want to use a load balancer to distribute load, terminate TLS or provide high availability. While a full load balancing setup is outside the scope of this document, there are a few considerations that can make the process smoother.

The most important aspect is that a load balanced cluster of registries must share the same resources. For the current version of the registry, this means the following must be the same:

  • Storage Driver
  • HTTP Secret
  • Redis Cache (if configured)

Differences in any of the above cause problems serving requests. As an example, if you’re using the filesystem driver, all registry instances must have access to the same filesystem root, on the same machine. For other drivers, such as S3 or Azure, they should be accessing the same resource and share an identical configuration. The HTTP Secret coordinates uploads, so also must be the same across instances. Configuring different redis instances works (at the time of writing), but is not optimal if the instances are not shared, because more requests are directed to the backend.

Important/Required HTTP-Headers

Getting the headers correct is very important. For all responses to any request under the “/v2/” url space, the Docker-Distribution-API-Version header should be set to the value “registry/2.0”, even for a 4xx response. This header allows the docker engine to quickly resolve authentication realms and fallback to version 1 registries, if necessary. Confirming this is set up correctly can help avoid problems with fallback.


In the same train of thought, you must make sure you are properly sending the X-Forwarded-Proto, X-Forwarded-For, and Host headers to their “client-side” values. Failure to do so usually makes the registry issue redirects to internal hostnames or downgrading from https to http.


A properly secured registry should return 401 when the “/v2/” endpoint is hit without credentials. The response should include a WWW-Authenticate challenge, providing guidance on how to authenticate, such as with basic auth or a token service. If the load balancer has health checks, it is recommended to configure it to consider a 401 response as healthy and any other as down. This secures your registry by ensuring that configuration problems with authentication don’t accidentally expose an unprotected registry. If you’re using a less sophisticated load balancer, such as Amazon’s Elastic Load Balancer, that doesn’t allow one to change the healthy response code, health checks can be directed at “/”, which always returns a 200 OK response.
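
The health-check rule above, as an added example that is not part of the original documentation: a shell function that classifies the response headers of an unauthenticated request to /v2/ (for instance the output of curl -sI https://myregistry.domain.com/v2/). It is slightly stricter than the text, also requiring the registry/2.0 version header on the 401; the function name, the category words and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# classify_v2_response: read raw HTTP response headers for /v2/ on stdin and
# print one word:
#   healthy        401 + WWW-Authenticate challenge + API version registry/2.0
#   exposed        200, i.e. /v2/ answered without asking for credentials
#   misconfigured  401 but the challenge or the version header is missing
#   down           anything else (5xx, redirect, empty response, ...)
classify_v2_response() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        NR == 1 { if ($1 ~ /^HTTP\//) status = $2; next }
        /^$/ { exit }                             # blank line ends the headers
        {
            name = tolower($0); sub(/:.*$/, "", name)   # names: any case
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
            if (name == "www-authenticate" && value != "") challenge = 1
            if (name == "docker-distribution-api-version") api = value
        }
        END {
            if (status == "401" && challenge && api == "registry/2.0") {
                print "healthy"
            } else if (status == "200") {
                print "exposed"
            } else if (status == "401") {
                print "misconfigured"
            } else {
                print "down"
            }
        }'
}

# Constructed sample responses (not captured from a real registry).
sample_auth() {       # registry that demands credentials, as it should
    printf '%s\r\n' 'HTTP/1.1 401 Unauthorized' \
        'Content-Type: application/json; charset=utf-8' \
        'Docker-Distribution-Api-Version: registry/2.0' \
        'Www-Authenticate: Basic realm="Registry Realm"' ''
}
sample_open() {       # authentication silently not in effect
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Docker-Distribution-Api-Version: registry/2.0' ''
}
sample_proxy_401() {  # a front end answers 401 itself, version header lost
    printf '%s\r\n' 'HTTP/1.1 401 Unauthorized' \
        'WWW-Authenticate: Basic realm="proxy"' ''
}
sample_502() {        # backend unreachable
    printf '%s\r\n' 'HTTP/1.1 502 Bad Gateway' ''
}

for s in sample_auth sample_open sample_proxy_401 sample_502; do
    printf '%-18s %s\n' "$s" "$("$s" | classify_v2_response)"
done
```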

Restricting access

Except for registries running on secure local networks, registries should always implement access restrictions.

Native basic auth

The simplest way to achieve access restriction is through basic authentication (this is very similar to other web servers’ basic authentication mechanism). This example uses native basic authentication using htpasswd to store the secrets.

Warning: You cannot use authentication with authentication schemes that send credentials as clear text. You must configure TLS first for authentication to work.

  1. Create a password file with one entry for the user testuser, with password testpassword:

  2. Stop the registry.

  3. Start the registry with basic authentication.

  4. Try to pull an image from the registry, or push an image to the registry. These commands fail.

  5. Log in to the registry.

    Provide the username and password from the first step.

    Test that you can now pull an image from the registry or push an image to the registry.

X509 errors: X509 errors usually indicate that you are attempting to use a self-signed certificate without configuring the Docker daemon correctly. See run an insecure registry.

More advanced authentication

You may want to leverage more advanced basic auth implementations by using a proxy in front of the registry. See the recipes list.

The registry also supports delegated authentication which redirects users to a specific trusted token server. This approach is more complicated to set up, and only makes sense if you need to fully configure ACLs and need more control over the registry’s integration into your global authorization and authentication systems. Refer to the following background information and configuration information here.

This approach requires you to implement your own authentication system or leverage a third-party implementation.

Deploy your registry using a Compose file

If your registry invocation is advanced, it may be easier to use a Docker compose file to deploy it, rather than relying on a specific docker run invocation. Use the following example docker-compose.yml as a template.


Replace /path with the directory which contains the certs/ and auth/ directories.

Start your registry by issuing the following command in the directory containing the docker-compose.yml file:

Considerations for air-gapped registries

You can run a registry in an environment with no internet connectivity. However, if you rely on any images which are not local, you need to consider the following:

  • You may need to build your local registry’s data volume on a connected host where you can run docker pull to get any images which are available remotely, and then migrate the registry’s data volume to the air-gapped network.

  • Certain images, such as the official Microsoft Windows base images, are not distributable. This means that when you push an image based on one of these images to your private registry, the non-distributable layers are not pushed, but are always fetched from their authorized location. This is fine for internet-connected hosts, but not in an air-gapped set-up.

    You can configure the Docker daemon to allow pushing non-distributable layers to private registries. This is only useful in air-gapped set-ups in the presence of non-distributable images, or in extremely bandwidth-limited situations. You are responsible for ensuring that you are in compliance with the terms of use for non-distributable layers.

    1. Edit the daemon.json file, which is located in /etc/docker/ on Linux hosts and C:\ProgramData\docker\config\daemon.json on Windows Server. Assuming the file was previously empty, add the following contents:

      The value is an array of registry addresses, separated by commas.

      Save and exit the file.

    2. Restart Docker.

    3. Restart the registry if it does not start automatically.

    4. When you push images to the registries in the list, their non-distributable layers are pushed to the registry.

      Warning: Non-distributable artifacts typically have restrictions on how and where they can be distributed and shared. Only use this feature to push artifacts to private registries and ensure that you are in compliance with any terms that cover redistributing non-distributable artifacts.


Next steps

More specific and advanced information is available in the following sections:
