cloudsoft.io

Swarm Cluster Tutorial

Introduction

This tutorial focuses on deploying a production-ready Docker Swarm.

Pre-requisites

This tutorial assumes you have completed the getting started section of this website and have installed the Cloudsoft AMP CLI.

Overview

The production-ready Swarm cluster consists of the following components:

A load-balanced cluster of swarm managers

Swarm managers control a swarm’s nodes and decide which node each container is deployed on. We interact directly with the swarm manager cluster’s load balancer as if it were a single Docker node. When a manager fails, the load balancer redirects traffic to a healthy manager, and the replacer policy detects the failure and replaces the failed manager.

A cluster of swarm nodes

Docker containers are deployed to these nodes. The cluster has an AutoScalerPolicy and scales up when CPU usage is high.

etcd Cluster

Used as a discovery backend for the swarm cluster.

CA Server

This is used to provide TLS certificates for the swarm cluster. This component is designed to be easily replaced. It is strongly recommended that this component is replaced with a production grade CA server of your choice.

Instructions

Set up a cloud location

First, we need to set up a location to deploy the Swarm cluster to. We recommend the following settings:

  • use the installDevUrandom config to prevent installation being slowed by a lack of entropy. See Entropy Troubleshooting
  • use at least 2GB RAM
  • use a CentOS 7 based image

Please note that we recommend the official CentOS 7 images. Images from other providers may be less functional or incompatible.

The following catalog items should enable you to quickly get started on some popular clouds. Download the .bom file of the relevant cloud, add your credentials, and then run:

br add-catalog <CLOUD-PROVIDER>-example-location.bom

From your AMP install, head to the AMP Welcome page. In the quick deploy section, select “Docker Swarm with Discovery and CA” and select the location that we set up in the previous step. You can also change some configuration options such as the minimum and maximum number of nodes. Once you are happy with the configuration, press Deploy and your Swarm cluster will be created.

From your AMP install, head to the Home tab. Click on “Add application” and select “Docker Swarm with Discovery and CA”, then click on “Next”. Select the location that we set up in the previous step. You can also change some configuration options such as the minimum and maximum number of nodes. Once you are happy with the configuration, press “Deploy” and your Swarm cluster will be created.

To interact with the Swarm cluster, we first need to get certificates from the CA server. To do so, the following script can be used:

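#!/usr/bin/env bash

# Utility script for developers to get a certificate from the Swarm CA server
# How to use:
#     getcert.sh $HOME/.certs http://10.20.30.40:8080
# (replace the address above with the IP of your CA server. This can be retrieved
# from the `main.uri` sensor on the CA entity)

set -euo pipefail

# Stop with a usage message if either argument is missing
CERT_DIR=${1:?"usage: getcert.sh CERT_DIR CA_URL"}
CA=${2:?"usage: getcert.sh CERT_DIR CA_URL"}

# Create the directory and the private key without group/other access
umask 077
mkdir -p "${CERT_DIR}"

# Fetch the CA certificate; --fail stops on an HTTP error instead of saving the error page
curl --fail -L "${CA}/cacert/ca.pem" --output "${CERT_DIR}/ca.pem"

# Generate a 2048-bit RSA key and a CSR named after this host.
# A CSR carries no validity period (the CA sets it when signing), so -days is omitted.
openssl genrsa -out "${CERT_DIR}/key.pem" 2048
openssl req -new -key "${CERT_DIR}/key.pem" -out "${CERT_DIR}/csr.pem" -subj "/CN=$(hostname)"

# Submit the CSR and store the signed certificate
curl --fail -X POST --data-binary @"${CERT_DIR}/csr.pem" "${CA}/sign" --output "${CERT_DIR}/cert.pem"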

To communicate with the cluster, you must communicate directly with the Swarm master. First retrieve the Swarm master URI and port, which can be found in the “host.name” and “swarm.port” sensors. Then ensure you have the Docker CLI installed and set the following environment variables:

export DOCKER_HOST=tcp://<Swarm Master URI & port>
export DOCKER_TLS_VERIFY=true
export DOCKER_CERT_PATH=<CERT_DIR>

You will now be able to run Docker commands against the Swarm cluster.
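
A check that can be run on the certificate directory before exporting the variables above, added here as an example and not part of the original tutorial: it confirms that the three files getcert.sh writes are present, that cert.pem chains to ca.pem and matches key.pem, and that the key is not accessible to other users. The function names are hypothetical, and the chain check assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example: check a certificate directory before DOCKER_CERT_PATH points
# at it. File names are the ones getcert.sh writes; function names are
# hypothetical. check_cert_chain assumes the openssl CLI is installed.

# Structural checks that need no external tools.
check_cert_files() {
  for f in ca.pem cert.pem key.pem; do
    [ -s "$1/$f" ] || { echo "missing or empty: $1/$f" >&2; return 1; }
  done
  # An HTTP error page saved in place of a certificate fails this test.
  for f in ca.pem cert.pem; do
    grep -q '^-----BEGIN CERTIFICATE-----' "$1/$f" ||
      { echo "not a PEM certificate: $1/$f" >&2; return 1; }
  done
  # Characters 5-10 of the ls -l mode string are the group and other bits.
  [ "$(ls -dlL "$1/key.pem" | cut -c5-10)" = "------" ] ||
    { echo "key.pem is accessible to group or other" >&2; return 1; }
}

# Cryptographic checks: cert.pem must chain to ca.pem and match key.pem.
check_cert_chain() {
  openssl verify -CAfile "$1/ca.pem" "$1/cert.pem" >/dev/null 2>&1 ||
    { echo "cert.pem does not verify against ca.pem" >&2; return 1; }
  # Compare the public key in the certificate with the one derived from the key.
  cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null) || key_pub=
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
    { echo "cert.pem does not match key.pem" >&2; return 1; }
}

# Run both checks when a directory is given: sh checkcerts.sh "$HOME/.certs"
if [ $# -ge 1 ]; then
  check_cert_files "$1" && check_cert_chain "$1" && echo "OK: $1"
fi
```

These checks show that the three files are consistent with each other; they do not authenticate ca.pem itself, which getcert.sh downloads from the CA server URL you pass it.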

What’s next?

Jump into the documentation to learn more about Docker Swarm support in Clocker and have an in-depth overview.