Global WP Hosting – Docker
I have the servers with bulk management ready, so I can move on to further development. Over the last few years I have grown quite fond of how application containers work (we use them on our own hosting too), so why not use them here as well? I may change my mind over the course of the series, but so far I am not inclined to 🙂 Why Docker, actually? Quite frankly, Kubernetes is simply too complicated for me: I don't work with it, I don't know it, and I am probably "old school" by now, because I don't much want to learn it either. Docker is, after all, simpler in every respect. It may lack some of the bells and whistles, but for our purposes it can serve well … or can it? We'll see.
Installation
To install the current version on Debian 10, nothing is easier than following the guide straight from the Docker documentation: https://docs.docker.com/engine/install/debian/
Because we will not be using Docker only locally but will join all our servers into a "cluster", we will use Docker Swarm, the mode intended for exactly that.
Our manage node will also serve as the manager of the whole cluster, so we install it first:
    apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
    curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
    apt-get update
    apt-get install docker-ce docker-ce-cli containerd.io
And a quick check that it works:
    root@manage:~# service docker status
    ● docker.service - Docker Application Container Engine
       Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2020-11-17 21:38:42 UTC; 1min 41s ago
         Docs: https://docs.docker.com
     Main PID: 15101 (dockerd)
        Tasks: 10
       Memory: 42.2M
       CGroup: /system.slice/docker.service
               └─15101 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
    root@manage:~# docker ps
    CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
Swarm
And we can initialize the swarm:
    root@manage:~# docker swarm init
    Swarm initialized: current node (r47wnl6japeplqkkwy799ktjp) is now a manager.
    To add a worker to this swarm, run the following command:
        docker swarm join --token <TOKEN> 192.248.xx.xx:2377
    To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
Connecting the clients
At this point we need to install Docker on the individual geo servers and join them to the swarm as clients. Normally, with the 5 servers we have here, I could simply copy and paste into the terminal and be done. But because many more servers are planned and nobody wants to fiddle with that, I will use Ansible from the previous article.
We add the following tasks to our global.yaml:
    - name: Install required system packages
      apt: name={{ item }} state=latest update_cache=yes
      loop: [ 'apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'python3-pip', 'virtualenv', 'python3-setuptools']

    - name: Add Docker GPG apt Key
      apt_key:
        url: https://download.docker.com/linux/debian/gpg
        state: present

    - name: Add Docker Repository
      apt_repository:
        repo: deb https://download.docker.com/linux/debian buster stable
        state: present

    - name: Update apt and install docker-ce
      apt: update_cache=yes name=docker-ce state=latest force_apt_get=yes

    - name: Install Docker Module for Python
      pip:
        name: docker

    - name: Add nodes
      community.general.docker_swarm:
        state: join
        # Worker join token printed by `docker swarm init` on the manager.
        # It is a secret: anyone holding it can add a node to the swarm,
        # so keep the real value out of version control.
        join_token: <TOKEN>
        # Address and port of the swarm manager
        remote_addrs: [ '192.248.xx.xx:2377' ]
Before running it, we still have to install on our manager node the scripts Ansible needs to work with Docker:
    ansible-galaxy collection install community.general
- The first task installs the packages needed for adding the Docker repository and installing Docker CE, plus the Python libraries.
- The second task adds the GPG key for the apt repository.
- The third task installs docker-ce.
- The fourth task then installs the docker module for Python.
- And the last task joins the server to the swarm.
Verification
Finally, we list the nodes of the swarm:
    root@manage:~# docker node ls
    ID                            HOSTNAME   STATUS   AVAILABILITY   MANAGER STATUS   ENGINE VERSION
    5dd02oubheykgpp5qbthbyuri     au1        Ready    Active                          19.03.13
    krk0cd1e3t3kw489tm2pebfb3     de1        Ready    Active                          19.03.13
    ei0bvuqgiwzekumannip241hx     fr1        Ready    Active                          19.03.13
    dsmrfasgc90v9120y2o8xq5rk     jp1        Ready    Active                          19.03.13
    r47wnl6japeplqkkwy799ktjp *   manage     Ready    Active         Leader           19.03.13
    4eva0ao0tu4fh6enpy1icqup6     sg1        Ready    Active                          19.03.13
    fm12egav41lnwro7h64xhmdy3     us2        Ready    Active                          19.03.13
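A check that can follow the node listing, as an added example that is not part of the original post: it compares the swarm's members with the expected inventory and reports nodes that joined without being listed, unexpected managers, and missing hosts. The `audit_nodes` helper and the `xx9` host are constructed for illustration; the other hostnames come from the listing above.

```shell
#!/bin/sh
# Constructed sample of what
#   docker node ls --format '{{.Hostname}} {{.ManagerStatus}}'
# prints for the swarm above (workers have an empty manager status),
# plus one constructed node "xx9" that is not in the inventory.
SAMPLE_NODES='au1
de1
fr1
jp1
manage Leader
sg1
us2
xx9'

# audit_nodes MANAGERS WORKERS
#   MANAGERS, WORKERS: space-separated allowlists of hostnames
#   stdin: "hostname [manager-status]" lines
#   stdout: one finding per line, nothing when the swarm matches the inventory
audit_nodes() {
    awk -v managers="$1" -v workers="$2" '
        BEGIN {
            n = split(managers, m, " "); for (i = 1; i <= n; i++) is_mgr[m[i]] = 1
            n = split(workers, w, " ");  for (i = 1; i <= n; i++) is_wrk[w[i]] = 1
        }
        NF == 0 { next }
        {
            host = $1; role = (NF > 1) ? "manager" : "worker"
            seen[host] = 1
            if (role == "manager" && !(host in is_mgr))
                print "UNEXPECTED_MANAGER " host
            else if (role == "worker" && !(host in is_mgr) && !(host in is_wrk))
                print "UNKNOWN_NODE " host
        }
        END {
            for (h in is_mgr) if (!(h in seen)) print "MISSING " h
            for (h in is_wrk) if (!(h in seen)) print "MISSING " h
        }'
}

# Demo on the constructed sample; on a live manager pipe the docker command in instead.
printf '%s\n' "$SAMPLE_NODES" | audit_nodes "manage" "au1 de1 fr1 jp1 sg1 us2"
```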
Monitoring
To finish, I also set up monitoring of the nodes and services within Docker. I am building on swarmprom (see the article https://dzone.com/articles/swarmprom-prometheus-monitoring-for-docker-swarm), because I already use it elsewhere and, I would say, quite satisfactorily.
Installation is trivial:
    root@manage:/usr/src# cd /usr/src
    root@manage:/usr/src# git clone https://github.com/stefanprodan/swarmprom.git
    root@manage:/usr/src# cd /usr/src/swarmprom
    root@manage:/usr/src/swarmprom# docker stack deploy -c docker-compose.yml mon
    Creating network mon_net
    Creating config mon_caddy_config
    Creating config mon_dockerd_config
    Creating config mon_node_rules
    Creating config mon_task_rules
    Creating service mon_caddy
    Creating service mon_dockerd-exporter
    Creating service mon_cadvisor
    Creating service mon_grafana
    Creating service mon_alertmanager
    Creating service mon_unsee
    Creating service mon_node-exporter
    Creating service mon_prometheus
    root@manage:/usr/src/swarmprom# docker service ls
    ID             NAME                   MODE         REPLICAS   IMAGE                                          PORTS
    6bui40pqktws   mon_alertmanager       replicated   1/1        stefanprodan/swarmprom-alertmanager:v0.14.0
    m9bf9p1bipxx   mon_caddy              replicated   1/1        stefanprodan/caddy:latest                      *:3000->3000/tcp, *:9090->9090/tcp, *:9093-9094->9093-9094/tcp
    oky1g04kfrib   mon_cadvisor           global       7/7        google/cadvisor:latest
    d4turteegg60   mon_dockerd-exporter   global       7/7        stefanprodan/caddy:latest
    tvvhfdryph8m   mon_grafana            replicated   1/1        stefanprodan/swarmprom-grafana:5.3.4
    6501b2gp6gxx   mon_node-exporter      global       7/7        stefanprodan/swarmprom-node-exporter:v0.16.0
    y12eipjmfsqj   mon_prometheus         replicated   1/1        stefanprodan/swarmprom-prometheus:v2.5.0
    f57y5pv7wpq8   mon_unsee              replicated   1/1        cloudflare/unsee:v0.8.0
    root@manage:/usr/src/swarmprom# docker ps
    CONTAINER ID   IMAGE                                          COMMAND                  CREATED         STATUS                   PORTS      NAMES
    684c967835cd   stefanprodan/swarmprom-prometheus:v2.5.0       "/etc/prometheus/doc…"   2 minutes ago   Up 2 minutes             9090/tcp   mon_prometheus.1.81crzld8hol1f66n9e3x0zahd
    ff1c32901109   stefanprodan/swarmprom-node-exporter:v0.16.0   "/etc/node-exporter/…"   2 minutes ago   Up 2 minutes             9100/tcp   mon_node-exporter.r47wnl6japeplqkkwy799ktjp.erf8g5i597e0zsmpdbrlir1vx
    874c158d933d   stefanprodan/swarmprom-alertmanager:v0.14.0    "/etc/alertmanager/d…"   2 minutes ago   Up 2 minutes             9093/tcp   mon_alertmanager.1.tjtjzayjuz1gsk11obv6l6w8x
    db4f75679c99   stefanprodan/swarmprom-grafana:5.3.4           "/run.sh"                2 minutes ago   Up 2 minutes             3000/tcp   mon_grafana.1.jrvlbnyygfg14s17pits81o18
    a4abbcd30cc2   google/cadvisor:latest                         "/usr/bin/cadvisor -…"   2 minutes ago   Up 2 minutes             8080/tcp   mon_cadvisor.r47wnl6japeplqkkwy799ktjp.crvyg8vkyl2hg7i762nnxgehs
    09c03bab5bed   stefanprodan/caddy:latest                      "/sbin/tini -- caddy…"   2 minutes ago   Up 2 minutes                        mon_dockerd-exporter.r47wnl6japeplqkkwy799ktjp.f3r2hfmwqqz5egk4mjzoe3r24
    44b6dcd84d65   stefanprodan/caddy:latest                      "/sbin/tini -- caddy…"   3 minutes ago   Up 3 minutes (healthy)              mon_caddy.1.9fqq8ulzy1p74ggn4f7fywk18
And finally, at http://manager:3000 I use the initial admin/admin login, set a new password, and get a preconfigured Grafana for monitoring the individual Docker nodes and services.
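An added example, not part of the original post or of swarmprom: a port published by a swarm service in the default ingress mode (shown as `*:3000->3000/tcp` in the listing) is reachable on every node of the cluster, so this script lists what the stack publishes and filters it against an allowlist. The sample input is constructed from the `docker service ls` output above; `published_ports` and `unapproved_ports` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `docker service ls --format '{{.Name}} {{.Ports}}'`
# for the "mon" stack deployed above.
SAMPLE_SERVICES='mon_alertmanager
mon_caddy *:3000->3000/tcp, *:9090->9090/tcp, *:9093-9094->9093-9094/tcp
mon_cadvisor
mon_dockerd-exporter
mon_grafana
mon_node-exporter
mon_prometheus
mon_unsee'

# published_ports: stdin "name ports" lines -> "service port/proto", one line
# per published port, with ranges such as 9093-9094 expanded.
published_ports() {
    awk '
        NF < 2 { next }                      # service publishes nothing
        {
            svc = $1
            for (i = 2; i <= NF; i++) {
                spec = $i; sub(/,$/, "", spec)
                split(spec, side, "->")      # side[1] is the published side
                proto = spec;   sub(/^.*\//, "", proto)
                pub = side[1];  sub(/^.*:/, "", pub)
                n = split(pub, r, "-")
                lo = r[1] + 0; hi = (n > 1) ? r[2] + 0 : lo
                for (p = lo; p <= hi; p++) print svc, p "/" proto
            }
        }'
}

# unapproved_ports "3000/tcp ...": keeps only published ports that are not
# on the space-separated allowlist given as the first argument.
unapproved_ports() {
    published_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)'
}

# Demo on the constructed sample: only Grafana (3000/tcp) is meant to be public here.
printf '%s\n' "$SAMPLE_SERVICES" | unapproved_ports "3000/tcp"
```

On a live manager, replace the sample with the output of `docker service ls --format '{{.Name}} {{.Ports}}'` and put the ports you intend to expose on the allowlist.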