Global WP Hosting – Docker

I have the servers ready with bulk management, so I can move on to further development. Over the last few years I have grown quite fond of how application containers work (we use them on our hosting too), so why not use them here as well? Maybe I will change my mind in the course of this series, but so far I see no reason to 🙂 Why Docker, actually? Quite frankly, Kubernetes is simply too complicated for me: I don't work with it, I don't know it, and I am probably "old school" by now, because I don't really want to learn it either. Docker is, after all, simpler in every respect. It may lack some of the bells and whistles, but it may serve our purposes well ... or not? We'll see.

Installation

To install the current version on Debian 10, there is nothing simpler than following the guide straight from the Docker documentation: https://docs.docker.com/engine/install/debian/

Because we will not be using Docker locally but will join all our servers into a "cluster", we will use Docker Swarm, the mode designed for exactly that.

Our manage node will also serve as the manager of the whole cluster, so we install it first:

apt-get install  apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io

And a quick check that it works:

root@manage:~# service docker status
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-11-17 21:38:42 UTC; 1min 41s ago
     Docs: https://docs.docker.com
 Main PID: 15101 (dockerd)
    Tasks: 10
   Memory: 42.2M
   CGroup: /system.slice/docker.service
           └─15101 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

root@manage:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

 

Swarm

And we can initialize the swarm:

root@manage:~# docker swarm init
Swarm initialized: current node (r47wnl6japeplqkkwy799ktjp) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token <TOKEN> 192.248.xx.xx:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

 

Joining the clients

At this point we need to install Docker on the individual geo servers and join them to the swarm as clients. Normally, with the 5 servers we have here, I could simply copy & paste into the terminal and be done. But because many more servers are planned for the future and nobody wants to fiddle with that, I will use Ansible from the previous article.

We add the following tasks to our global.yaml:

- name: Install required system packages
  apt: name={{ item }} state=latest update_cache=yes
  loop: [ 'apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'python3-pip', 'virtualenv', 'python3-setuptools']

- name: Add Docker GPG apt Key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present

- name: Add Docker Repository
  apt_repository:
    repo: deb https://download.docker.com/linux/debian buster stable
    state: present

- name: Update apt and install docker-ce
  apt: update_cache=yes name=docker-ce state=latest force_apt_get=yes

- name: Install Docker Module for Python
  pip:
    name: docker

- name: Add nodes
  community.general.docker_swarm:
    state: join
    join_token: <TOKEN>
    remote_addrs: [ '192.248.xx.xx:2377' ]

Before running it, we still have to install on our manager node the scripts Ansible needs to work with Docker:

ansible-galaxy collection install community.general

What the tasks in global.yaml do:

  • The first task installs the packages needed to add the Docker repository and to install Docker CE and the Python library.
  • The second task adds the GPG keys for the apt repository.
  • The third task installs docker-ce.
  • The fourth task then installs the docker module for Python.
  • And the last task joins the server to the swarm.

Verification

Finally, we list the nodes of the swarm:

root@manage:~# docker node ls
ID                            HOSTNAME              STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
5dd02oubheykgpp5qbthbyuri     au1                   Ready               Active                                  19.03.13
krk0cd1e3t3kw489tm2pebfb3     de1                   Ready               Active                                  19.03.13
ei0bvuqgiwzekumannip241hx     fr1                   Ready               Active                                  19.03.13
dsmrfasgc90v9120y2o8xq5rk     jp1                   Ready               Active                                  19.03.13
r47wnl6japeplqkkwy799ktjp *   manage                Ready               Active              Leader              19.03.13
4eva0ao0tu4fh6enpy1icqup6     sg1                   Ready               Active                                  19.03.13
fm12egav41lnwro7h64xhmdy3     us2                   Ready               Active                                  19.03.13
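
A check that follows from the join step, as an added example that is not part of the original post: anyone who holds the worker join token from the playbook and can reach the manager on port 2377 can add a node, so it is worth comparing `docker node ls` with the hosts you expect. The function names, the `EXPECTED_NODES` list and the `vps-unknown` line are constructed for illustration; the other lines are the listing above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare `docker node ls`
# output with the hosts the playbook is supposed to have joined.

# Constructed allow-list; in practice, the host names from the Ansible inventory.
EXPECTED_NODES="manage au1 de1 fr1 jp1 sg1 us2"

# Node listing from this page, plus one constructed extra line ("vps-unknown").
sample_node_ls() {
cat <<'EOF'
ID                            HOSTNAME              STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
5dd02oubheykgpp5qbthbyuri     au1                   Ready               Active                                  19.03.13
krk0cd1e3t3kw489tm2pebfb3     de1                   Ready               Active                                  19.03.13
ei0bvuqgiwzekumannip241hx     fr1                   Ready               Active                                  19.03.13
dsmrfasgc90v9120y2o8xq5rk     jp1                   Ready               Active                                  19.03.13
r47wnl6japeplqkkwy799ktjp *   manage                Ready               Active              Leader              19.03.13
4eva0ao0tu4fh6enpy1icqup6     sg1                   Ready               Active                                  19.03.13
fm12egav41lnwro7h64xhmdy3     us2                   Ready               Active                                  19.03.13
constructedexamplenodeid0     vps-unknown           Ready               Active                                  19.03.13
EOF
}

# audit_nodes "<expected hosts>": reads `docker node ls` text on stdin and prints
#   UNEXPECTED <host> <id>    node in the swarm that is not on the allow-list
#   MISSING <host>            allow-listed host that is not in the swarm
#   MANAGER <host> <status>   node that holds a manager role
audit_nodes() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    NR == 1 || NF < 4 { next }            # header and blank lines
    {
      h = ($2 == "*") ? 3 : 2             # "*" marks the node we are connected to
      host = $h; seen[host] = 1
      if (!(host in want)) print "UNEXPECTED", host, $1
      if (NF == h + 4) print "MANAGER", host, $(h + 3)   # MANAGER STATUS column is filled
    }
    END { for (w in want) if (!(w in seen)) print "MISSING", w }'
}

sample_node_ls | audit_nodes "$EXPECTED_NODES"
```

On the manager, run it as `docker node ls | audit_nodes "$EXPECTED_NODES"`; if an unexpected node shows up, `docker swarm join-token --rotate worker` invalidates the old token for future joins.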

Monitoring

To finish, I also set up monitoring of the nodes and services within Docker. I am basing it on swarmprom (see the article https://dzone.com/articles/swarmprom-prometheus-monitoring-for-docker-swarm), because I already use it elsewhere and I would say I am fairly satisfied with it.

Installation is trivial:

root@manage:/usr/src# cd /usr/src
root@manage:/usr/src# git clone https://github.com/stefanprodan/swarmprom.git
root@manage:/usr/src# cd /usr/src/swarmprom
root@manage:/usr/src/swarmprom# docker stack deploy -c docker-compose.yml mon
Creating network mon_net
Creating config mon_caddy_config
Creating config mon_dockerd_config
Creating config mon_node_rules
Creating config mon_task_rules
Creating service mon_caddy
Creating service mon_dockerd-exporter
Creating service mon_cadvisor
Creating service mon_grafana
Creating service mon_alertmanager
Creating service mon_unsee
Creating service mon_node-exporter
Creating service mon_prometheus

root@manage:/usr/src/swarmprom# docker service ls
ID                  NAME                   MODE                REPLICAS            IMAGE                                          PORTS
6bui40pqktws        mon_alertmanager       replicated          1/1                 stefanprodan/swarmprom-alertmanager:v0.14.0
m9bf9p1bipxx        mon_caddy              replicated          1/1                 stefanprodan/caddy:latest                      *:3000->3000/tcp, *:9090->9090/tcp, *:9093-9094->9093-9094/tcp
oky1g04kfrib        mon_cadvisor           global              7/7                 google/cadvisor:latest
d4turteegg60        mon_dockerd-exporter   global              7/7                 stefanprodan/caddy:latest
tvvhfdryph8m        mon_grafana            replicated          1/1                 stefanprodan/swarmprom-grafana:5.3.4
6501b2gp6gxx        mon_node-exporter      global              7/7                 stefanprodan/swarmprom-node-exporter:v0.16.0
y12eipjmfsqj        mon_prometheus         replicated          1/1                 stefanprodan/swarmprom-prometheus:v2.5.0
f57y5pv7wpq8        mon_unsee              replicated          1/1                 cloudflare/unsee:v0.8.0

root@manage:/usr/src/swarmprom# docker ps
CONTAINER ID        IMAGE                                          COMMAND                  CREATED             STATUS                   PORTS               NAMES
684c967835cd        stefanprodan/swarmprom-prometheus:v2.5.0       "/etc/prometheus/doc…"   2 minutes ago       Up 2 minutes             9090/tcp            mon_prometheus.1.81crzld8hol1f66n9e3x0zahd
ff1c32901109        stefanprodan/swarmprom-node-exporter:v0.16.0   "/etc/node-exporter/…"   2 minutes ago       Up 2 minutes             9100/tcp            mon_node-exporter.r47wnl6japeplqkkwy799ktjp.erf8g5i597e0zsmpdbrlir1vx
874c158d933d        stefanprodan/swarmprom-alertmanager:v0.14.0    "/etc/alertmanager/d…"   2 minutes ago       Up 2 minutes             9093/tcp            mon_alertmanager.1.tjtjzayjuz1gsk11obv6l6w8x
db4f75679c99        stefanprodan/swarmprom-grafana:5.3.4           "/run.sh"                2 minutes ago       Up 2 minutes             3000/tcp            mon_grafana.1.jrvlbnyygfg14s17pits81o18
a4abbcd30cc2        google/cadvisor:latest                         "/usr/bin/cadvisor -…"   2 minutes ago       Up 2 minutes             8080/tcp            mon_cadvisor.r47wnl6japeplqkkwy799ktjp.crvyg8vkyl2hg7i762nnxgehs
09c03bab5bed        stefanprodan/caddy:latest                      "/sbin/tini -- caddy…"   2 minutes ago       Up 2 minutes                                 mon_dockerd-exporter.r47wnl6japeplqkkwy799ktjp.f3r2hfmwqqz5egk4mjzoe3r24
44b6dcd84d65        stefanprodan/caddy:latest                      "/sbin/tini -- caddy…"   3 minutes ago       Up 3 minutes (healthy)                       mon_caddy.1.9fqq8ulzy1p74ggn4f7fywk18
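
An audit of the `docker service ls` listing above, as an added example that is not part of the original post or of swarmprom: it flags ports published on `*` (through the swarm routing mesh, so they are open on every node, including the geo servers) and images referenced without a tag or by `:latest`. The function names are made up here; the sample input is the listing from this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or from swarmprom).

# `docker service ls` listing copied from this page.
sample_service_ls() {
cat <<'EOF'
ID                  NAME                   MODE                REPLICAS            IMAGE                                          PORTS
6bui40pqktws        mon_alertmanager       replicated          1/1                 stefanprodan/swarmprom-alertmanager:v0.14.0
m9bf9p1bipxx        mon_caddy              replicated          1/1                 stefanprodan/caddy:latest                      *:3000->3000/tcp, *:9090->9090/tcp, *:9093-9094->9093-9094/tcp
oky1g04kfrib        mon_cadvisor           global              7/7                 google/cadvisor:latest
d4turteegg60        mon_dockerd-exporter   global              7/7                 stefanprodan/caddy:latest
tvvhfdryph8m        mon_grafana            replicated          1/1                 stefanprodan/swarmprom-grafana:5.3.4
6501b2gp6gxx        mon_node-exporter      global              7/7                 stefanprodan/swarmprom-node-exporter:v0.16.0
y12eipjmfsqj        mon_prometheus         replicated          1/1                 stefanprodan/swarmprom-prometheus:v2.5.0
f57y5pv7wpq8        mon_unsee              replicated          1/1                 cloudflare/unsee:v0.8.0
EOF
}

# audit_services: reads `docker service ls` text on stdin and prints
#   PUBLISHED <service> <port spec>   port published on all interfaces ("*:")
#   MUTABLE_TAG <service> <image>     image without a tag or tagged ":latest"
audit_services() {
  awk '
    NR == 1 || NF < 5 { next }            # header and blank lines
    {
      name = $2; image = $5
      n = split(image, part, "/")         # look at the last path component only,
      last = part[n]                      # so a registry port is not taken for a tag
      if (last !~ /[:@]/ || last ~ /:latest$/) print "MUTABLE_TAG", name, image
      for (i = 6; i <= NF; i++) {         # PORTS column: comma-separated specs
        spec = $i; sub(/,$/, "", spec)
        if (spec ~ /^\*:/) print "PUBLISHED", name, spec
      }
    }'
}

sample_service_ls | audit_services
```

On the manager, run `docker service ls | audit_services`; `PUBLISHED` findings are candidates for a firewall rule in front of the nodes, `MUTABLE_TAG` findings for pinning to a version tag or digest.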

And finally, at http://manager:3000 I use the first-login credentials admin/admin, set a new password, and get a pre-built Grafana for monitoring the individual Docker nodes and services.
