Vous êtes ici : Formations en Ligne Gratuites » Catalogue » workbooks » DOF600 - Prérequis » DOE600 - Course Presentation » DOF606 - Overlay Network Management with Docker in Swarm Mode

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Prochaine révision		Révision précédente
elearning:workbooks:docker3:en:dre05 [2023/12/17 05:26] – created adminelearning:workbooks:docker3:en:dre05 [2023/12/27 08:34] (Version actuelle) admin
Ligne 42: Ligne 42:
 Traffic linked to the management of swarm services is encrypted by default using the AES algorithm in GCM mode. In order to encrypt application-related data traffic, it is possible to use the **--opt encrypted** option when creating the overlay network. In this case, Docker creates IPSEC tunnels between each node using the same algorithm as the swarm services traffic. There is therefore a performance degradation to be assessed before going into production. In both cases the keys are changed every 12 hours (see [[https://www.vaultproject.io/docs/internals/rotation.html]]) Traffic linked to the management of swarm services is encrypted by default using the AES algorithm in GCM mode. In order to encrypt application-related data traffic, it is possible to use the **--opt encrypted** option when creating the overlay network. In this case, Docker creates IPSEC tunnels between each node using the same algorithm as the swarm services traffic. There is therefore a performance degradation to be assessed before going into production. In both cases the keys are changed every 12 hours (see [[https://www.vaultproject.io/docs/internals/rotation.html]])
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **CAUTION**: Encryption of application-related data is not compatible with Windows(tm). When connecting the Windows(tm) node to an encrypted overlay network, no errors will be reported. However the node will be unable to communicate. **CAUTION**: Encryption of application-related data is not compatible with Windows(tm). When connecting the Windows(tm) node to an encrypted overlay network, no errors will be reported. However the node will be unable to communicate.
 </WRAP> </WRAP>
Ligne 49: Ligne 49:
  
 <code> <code>
-trainee@traineeXX:~ssh -l trainee 10.0.2.62 +root@debian11:~ssh -l trainee 10.0.2.62 
-...+The authenticity of host '10.0.2.62 (10.0.2.62)' can't be established. 
 +ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE. 
 +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes 
 +Warning: Permanently added '10.0.2.62' (ECDSA) to the list of known hosts. 
 +trainee@10.0.2.62's password: trainee 
 +Linux manager.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 
 + 
 +The programs included with the Debian GNU/Linux system are free software; 
 +the exact distribution terms for each program are described in the 
 +individual files in /usr/share/doc/*/copyright. 
 + 
 +Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
 +permitted by applicable law. 
 +Last login: Sun Jul 17 08:27:29 2022 from 10.0.2.1 
 +trainee@manager:~$ su - 
 +Mot de passe : fenestros 
 +root@manager:~# 
 root@manager:~# docker swarm leave root@manager:~# docker swarm leave
 Node left the swarm. Node left the swarm.
Ligne 61: Ligne 78:
  
 To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
-root@manager:~# exit 
-trainee@manager:~# exit 
 </code> </code>
  
Ligne 68: Ligne 83:
  
 <code> <code>
-trainee@traineeXX:~ssh -l trainee 10.0.2.63 +root@manager:~ssh -l trainee 10.0.2.63 
-...+The authenticity of host '10.0.2.63 (10.0.2.63)' can't be established. 
 +ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE. 
 +Are you sure you want to continue connecting (yes/no)? yes 
 +Warning: Permanently added '10.0.2.63' (ECDSA) to the list of known hosts. 
 +trainee@10.0.2.63's password: trainee 
 +Linux worker1.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 
 + 
 +The programs included with the Debian GNU/Linux system are free software; 
 +the exact distribution terms for each program are described in the 
 +individual files in /usr/share/doc/*/copyright. 
 + 
 +Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
 +permitted by applicable law. 
 +Last login: Sun Mar 21 16:34:26 2021 from 10.0.2.11 
 +trainee@worker1:~$ su - 
 +Mot de passe : fenestros 
 +root@worker1:~# 
 root@worker1:~# docker swarm leave root@worker1:~# docker swarm leave
 Node left the swarm. Node left the swarm.
 +
 root@worker1:~# docker swarm join --token SWMTKN-1-23d7n1fkkk9rvlhty106q9390bfpf9daljjguq3s807le6c5qs-e0s1yqsajvmi7s8t9l9mw48ao 10.0.2.62:2377 root@worker1:~# docker swarm join --token SWMTKN-1-23d7n1fkkk9rvlhty106q9390bfpf9daljjguq3s807le6c5qs-e0s1yqsajvmi7s8t9l9mw48ao 10.0.2.62:2377
 This node joined a swarm as a worker. This node joined a swarm as a worker.
 +
 root@worker1:~# exit root@worker1:~# exit
-trainee@worker1:~exit+déconnexion 
 + 
 +trainee@worker1:~exit 
 +déconnexion 
 +Connection to 10.0.2.63 closed. 
 + 
 +root@manager:~# 
 </code> </code>
  
Ligne 81: Ligne 121:
  
 <code> <code>
-trainee@traineeXX:~ssh -l trainee 10.0.2.64 +root@manager:~ssh -l trainee 10.0.2.64 
-...+The authenticity of host '10.0.2.64 (10.0.2.64)' can't be established. 
 +ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE. 
 +Are you sure you want to continue connecting (yes/no)? yes 
 +Warning: Permanently added '10.0.2.64' (ECDSA) to the list of known hosts. 
 +trainee@10.0.2.64's password: trainee 
 +Linux worker2.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 
 + 
 +The programs included with the Debian GNU/Linux system are free software; 
 +the exact distribution terms for each program are described in the 
 +individual files in /usr/share/doc/*/copyright. 
 + 
 +Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
 +permitted by applicable law. 
 +Last login: Sun Mar 21 16:18:25 2021 from 10.0.2.11 
 +trainee@worker2:~$ su - 
 +Mot de passe : fenestros 
 +root@worker2:~#  
 root@worker2:~# docker swarm leave root@worker2:~# docker swarm leave
 Node left the swarm. Node left the swarm.
 +
 root@worker2:~# docker swarm join --token SWMTKN-1-23d7n1fkkk9rvlhty106q9390bfpf9daljjguq3s807le6c5qs-e0s1yqsajvmi7s8t9l9mw48ao 10.0.2.62:2377 root@worker2:~# docker swarm join --token SWMTKN-1-23d7n1fkkk9rvlhty106q9390bfpf9daljjguq3s807le6c5qs-e0s1yqsajvmi7s8t9l9mw48ao 10.0.2.62:2377
 This node joined a swarm as a worker. This node joined a swarm as a worker.
 +
 root@worker2:~# exit root@worker2:~# exit
-trainee@worker2:~exit+déconnexion 
 + 
 +trainee@worker2:~exit 
 +déconnexion 
 +Connection to 10.0.2.64 closed. 
 + 
 +root@manager:~# 
 </code> </code>
  
Ligne 94: Ligne 159:
  
 <code> <code>
-trainee@traineeXX:~$ ssh -l trainee 10.0.2.62 
-... 
 root@manager:~# docker node ls root@manager:~# docker node ls
-ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION +ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION 
-b85hxlixbr1mh1txd1hrfe4us * manager.i2tch.loc Ready Active Leader 19.03.4 +b85hxlixbr1mh1txd1hrfe4us *   manager.i2tch.loc   Ready               Active              Leader              19.03.4 
-4sui75vvdhmet4qvt0zbvzlzl worker1.i2tch.loc Ready Active 19.03.4 +4sui75vvdhmet4qvt0zbvzlzl     worker1.i2tch.loc   Ready               Active                                  19.03.4 
-lbjtg5o9kw3x6xg7frm07jfuw worker2.i2tch.loc Ready Active 19.03.4+lbjtg5o9kw3x6xg7frm07jfuw     worker2.i2tch.loc   Ready               Active                                  19.03.4
 root@manager:~# docker node ls --filter role=manager root@manager:~# docker node ls --filter role=manager
-ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION +ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION 
-b85hxlixbr1mh1txd1hrfe4us * manager.i2tch.loc Ready Active Leader 19.03.4+b85hxlixbr1mh1txd1hrfe4us *   manager.i2tch.loc   Ready               Active              Leader              19.03.4
 root@manager:~# docker node ls --filter role=worker root@manager:~# docker node ls --filter role=worker
-ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION +ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION 
-4sui75vvdhmet4qvt0zbvzlzl worker1.i2tch.loc Ready Active 19.03.4 +4sui75vvdhmet4qvt0zbvzlzl     worker1.i2tch.loc   Ready               Active                                  19.03.4 
-lbjtg5o9kw3x6xg7frm07jfuw worker2.i2tch.loc Ready Active 19.03.4+lbjtg5o9kw3x6xg7frm07jfuw     worker2.i2tch.loc   Ready               Active                                  19.03.4
 </code> </code>
  
Ligne 114: Ligne 177:
 <code> <code>
 root@manager:~# docker network ls root@manager:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-4edb7186dcc9 bridge bridge local +4edb7186dcc9        bridge              bridge              local 
-d4c9b0c9437a docker_gwbridge bridge local +d4c9b0c9437a        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-r8htcvc8oxmz ingress overlay swarm +r8htcvc8oxmz        ingress             overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-<WRAP centre round info 60%>+<WRAP center round info 50%>
 **Info**: The **docker_gwbridge** network connects the **ingress** network to the host's network adapter and therefore connects the Docker daemon to the other Docker daemons participating in swarm. **Info**: The **docker_gwbridge** network connects the **ingress** network to the host's network adapter and therefore connects the Docker daemon to the other Docker daemons participating in swarm.
 </WRAP> </WRAP>
  
-<WRAP center round tip 60%>+<WRAP center round tip 50%>
 **Best Practice** : Docker recommends using different overlay networks for each application or group of applications. **Best Practice** : Docker recommends using different overlay networks for each application or group of applications.
 </WRAP> </WRAP>
Ligne 138: Ligne 201:
 j57jhtug4kjxp22ai1y664lqr j57jhtug4kjxp22ai1y664lqr
 root@manager:~# docker network ls root@manager:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-dde514eea83f bridge bridge local +dde514eea83f        bridge              bridge              local 
-d4c9b0c9437a docker_gwbridge bridge local +d4c9b0c9437a        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-r8htcvc8oxmz ingress overlay swarm +r8htcvc8oxmz        ingress             overlay             swarm 
-j57jhtug4kjx nginx-net overlay swarm +j57jhtug4kjx        nginx-net           overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-====.2 - Creating a Service====+====1.2 - Creating a Service====
  
 Create a nginx service that uses the **nginx-net** network: Create a nginx service that uses the **nginx-net** network:
Ligne 163: Ligne 226:
 </code> </code>
  
-<WRAP center round info 60%>+<WRAP center round info 50%>
 **Info** : The service publishes port 80, which is visible from the outside. Containers communicate with each other without opening additional ports. **Info** : The service publishes port 80, which is visible from the outside. Containers communicate with each other without opening additional ports.
 </WRAP> </WRAP>
Ligne 171: Ligne 234:
 <code> <code>
 root@manager:~# docker service ls root@manager:~# docker service ls
-ID NAME MODE REPLICAS IMAGE PORTS +ID                  NAME                MODE                REPLICAS            IMAGE               PORTS 
-fpydgix3e1rc my-nginx replicated 5/5 nginx:latest *:80->80/tcp+fpydgix3e1rc        my-nginx            replicated          5/5                 nginx:latest        *:80->80/tcp
 </code> </code>
  
Ligne 308: Ligne 371:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note here information about the ports and Endpoints used by the service. **Important**: Note here information about the ports and Endpoints used by the service.
 </WRAP> </WRAP>
  
-====.3 - Move the Service to another Network overlay====+====1.3 - Move the Service to another Network overlay====
  
 Check the overlay network **nginx-net** on the three nodes: Check the overlay network **nginx-net** on the three nodes:
Ligne 525: Ligne 588:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **nginx-net** network has been created automatically on both Workers. Also note the contents of the **Peers** section, which lists the nodes, as well as the **Containers** section, which lists the containers on each node that are connected to the overlay network. **Important**: Note that the **nginx-net** network has been created automatically on both Workers. Also note the contents of the **Peers** section, which lists the nodes, as well as the **Containers** section, which lists the containers on each node that are connected to the overlay network.
 </WRAP> </WRAP>
Ligne 554: Ligne 617:
 <code> <code>
 root@manager:~# docker service ls root@manager:~# docker service ls
-ID NAME MODE REPLICAS IMAGE PORTS +ID                  NAME                MODE                REPLICAS            IMAGE               PORTS 
-fpydgix3e1rc my-nginx replicated 5/5 nginx:latest *:80->80/tcp+fpydgix3e1rc        my-nginx            replicated          5/5                 nginx:latest        *:80->80/tcp
 </code> </code>
  
Ligne 675: Ligne 738:
 root@manager:~# docker service rm my-nginx root@manager:~# docker service rm my-nginx
 my-nginx my-nginx
 +
 root@manager:~# docker network rm nginx-net nginx-net-2 root@manager:~# docker network rm nginx-net nginx-net-2
 nginx-net nginx-net
Ligne 680: Ligne 744:
 </code> </code>
  
-====.4 - DNS container discovery====+====1.4 - DNS container discovery====
  
 The Docker daemon runs an embedded DNS server at address 127.0.0.11 that enables name resolution in a custom network. If this server is unable to perform the resolution, it transfers the request to any external server defined in the container. The Docker daemon runs an embedded DNS server at address 127.0.0.11 that enables name resolution in a custom network. If this server is unable to perform the resolution, it transfers the request to any external server defined in the container.
Ligne 698: Ligne 762:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **NETWORK-ID** here is **hrs25w4l951kkickhj6262mjg**. **Important**: Note that the **NETWORK-ID** here is **hrs25w4l951kkickhj6262mjg**.
 </WRAP> </WRAP>
Ligne 718: Ligne 782:
 <code> <code>
 root@worker1:~# docker network ls root@worker1:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-3fe43b514f9d bridge bridge local +3fe43b514f9d        bridge              bridge              local 
-ee22b3e623ca docker_gwbridge bridge local +ee22b3e623ca        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-r8htcvc8oxmz ingress overlay swarm +r8htcvc8oxmz        ingress             overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network has not been created. **Important**: Note that the **test-net** network has not been created.
 </WRAP> </WRAP>
Ligne 746: Ligne 810:
 <code> <code>
 root@worker1:~# docker network ls root@worker1:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-3fe43b514f9d bridge bridge local +3fe43b514f9d        bridge              bridge              local 
-ee22b3e623ca docker_gwbridge bridge local +ee22b3e623ca        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-r8htcvc8oxmz ingress overlay swarm +r8htcvc8oxmz        ingress             overlay             swarm 
-de563e30d473 none null local +de563e30d473        none                null                local 
-hrs25w4l951k test-net overlay swarm+hrs25w4l951k        test-net            overlay             swarm
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network, having the same **NETWORK ID**, was automatically created when the **alpine2** container was created.  **Important**: Note that the **test-net** network, having the same **NETWORK ID**, was automatically created when the **alpine2** container was created. 
 </WRAP> </WRAP>
Ligne 763: Ligne 827:
 <code> <code>
 root@worker2:~# docker network ls root@worker2:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-ff7308310f60 bridge bridge local +ff7308310f60        bridge              bridge              local 
-0ce1d8369c29 docker_gwbridge bridge local +0ce1d8369c29        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-r8htcvc8oxmz ingress overlay swarm +r8htcvc8oxmz        ingress             overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network has not been created. **Important**: Note that the **test-net** network has not been created.
 </WRAP> </WRAP>
Ligne 779: Ligne 843:
 <code> <code>
 root@worker1:~# docker ps -a root@worker1:~# docker ps -a
-CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES 
-ce9097b864dc alpine "/bin/sh" 23 minutes ago Up 23 minutes alpine2+ce9097b864dc        alpine              "/bin/sh"           23 minutes ago      Up 23 minutes                           alpine2 
 root@worker1:~# docker attach alpine2 root@worker1:~# docker attach alpine2
 +/ # 
 +
 / # ping -c 2 alpine1 / # ping -c 2 alpine1
 PING alpine1 (10.0.2.2): 56 data bytes PING alpine1 (10.0.2.2): 56 data bytes
Ligne 797: Ligne 864:
 <code> <code>
 root@manager:~# docker attach alpine1 root@manager:~# docker attach alpine1
 +/ # 
 +
 / # ping -c 2 alpine2 / # ping -c 2 alpine2
 PING alpine2 (10.0.0.4): 56 data bytes PING alpine2 (10.0.0.4): 56 data bytes
Ligne 817: Ligne 886:
 Digest: sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d Digest: sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d
 Status: Downloaded newer image for alpine:latest Status: Downloaded newer image for alpine:latest
 +/ # 
 +
 / # ping -c 2 alpine1 / # ping -c 2 alpine1
 PING alpine1 (10.0.2.2): 56 data bytes PING alpine1 (10.0.2.2): 56 data bytes
Ligne 839: Ligne 910:
 <code> <code>
 root@worker1:~# docker network ls root@worker1:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-3bb80f391804 bridge bridge local +3bb80f391804        bridge              bridge              local 
-ee22b3e623ca docker_gwbridge bridge local +ee22b3e623ca        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-r8htcvc8oxmz ingress overlay swarm +r8htcvc8oxmz        ingress             overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network has been removed. **Important**: Note that the **test-net** network has been removed.
 </WRAP> </WRAP>
Ligne 862: Ligne 933:
 <code> <code>
 / # exit / # exit
 +
 root@manager:~# docker container stop alpine1 root@manager:~# docker container stop alpine1
 alpine1 alpine1
 +
 root@manager:~# docker network ls root@manager:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-a604e7db6f95 bridge bridge local +a604e7db6f95        bridge              bridge              local 
-d4c9b0c9437a docker_gwbridge bridge local +d4c9b0c9437a        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-jxu667wzmj2u ingress overlay swarm +jxu667wzmj2u        ingress             overlay             swarm 
-de563e30d473 none null local +de563e30d473        none                null                local 
-518l09lcjhsp test-net overlay swarm+518l09lcjhsp        test-net            overlay             swarm 
 root@manager:~# docker network rm test-net root@manager:~# docker network rm test-net
 test-net test-net
 </code> </code>
  
-====2.5 - Creating a Custom Network overlay====+====1.5 - Creating a Custom Network overlay====
  
 It is possible to create a custom overlay network. In this case, the existing ingress network must be deleted: It is possible to create a custom overlay network. In this case, the existing ingress network must be deleted:
Ligne 892: Ligne 966:
 root@manager:~# docker network create --driver overlay --ingress --subnet=10.11.0.0/16 --gateway=10.11.0.2 --opt com.docker.network.driver.mtu=1200 my-ingress root@manager:~# docker network create --driver overlay --ingress --subnet=10.11.0.0/16 --gateway=10.11.0.2 --opt com.docker.network.driver.mtu=1200 my-ingress
 44ozn3vtg23zkksrvloxuulcl 44ozn3vtg23zkksrvloxuulcl
 +
 root@manager:~# docker network ls root@manager:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-24be8a0f0ef5 bridge bridge local +24be8a0f0ef5        bridge              bridge              local 
-d4c9b0c9437a docker_gwbridge bridge local +d4c9b0c9437a        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-44ozn3vtg23z my-ingress overlay swarm +44ozn3vtg23z        my-ingress          overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
Ligne 907: Ligne 982:
 gp1iozmbi25dx3skn00m6suoz gp1iozmbi25dx3skn00m6suoz
 overall progress: 5 out of 5 tasks  overall progress: 5 out of 5 tasks 
-1/5: running [==================================================>]  +1/5: running   [==================================================>]  
-2/5: running [==================================================>]  +2/5: running   [==================================================>]  
-3/5: running [==================================================>]  +3/5: running   [==================================================>]  
-4/5: running [==================================================>]  +4/5: running   [==================================================>]  
-5/5: running [==================================================>+5/5: running   [==================================================>
 verify: Service converged verify: Service converged
  
 root@manager:~# docker service ls root@manager:~# docker service ls
-ID NAME MODE REPLICAS IMAGE PORTS +ID                  NAME                MODE                REPLICAS            IMAGE               PORTS 
-gp1iozmbi25d my-nginx replicated 5/5 nginx:latest *:80->80/tcp+gp1iozmbi25d        my-nginx            replicated          5/5                 nginx:latest        *:80->80/tcp
  
 root@manager:~# docker service ps my-nginx root@manager:~# docker service ps my-nginx
-ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS 
-upmbwmtr76cm my-nginx.1 nginx:latest worker1.i2tch.loc Running Running about a minute ago                        +upmbwmtr76cm        my-nginx.1          nginx:latest        worker1.i2tch.loc   Running             Running about a minute ago                        
-qz6p1li7zmef my-nginx.2 nginx:latest worker2.i2tch.loc Running Running about a minute ago                        +qz6p1li7zmef        my-nginx.2          nginx:latest        worker2.i2tch.loc   Running             Running about a minute ago                        
-me50mkhd11yk my-nginx.3 nginx:latest manager.i2tch.loc Running Running about a minute ago                        +me50mkhd11yk        my-nginx.3          nginx:latest        manager.i2tch.loc   Running             Running about a minute ago                        
-sctjud70ihkl my-nginx.4 nginx:latest worker1.i2tch.loc Running Running about a minute ago                        +sctjud70ihkl        my-nginx.4          nginx:latest        worker1.i2tch.loc   Running             Running about a minute ago                        
-kql9qx3phb73 my-nginx.5 nginx:latest worker2.i2tch.loc Running Running about a minute ago    +kql9qx3phb73        my-nginx.5          nginx:latest        worker2.i2tch.loc   Running             Running about a minute ago    
 </code> </code>
  
Ligne 1148: Ligne 1223:
 <code> <code>
 root@manager:~# docker node ls root@manager:~# docker node ls
-ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION +ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION 
-b85hxlixbr1mh1txd1hrfe4us * manager.i2tch.loc Ready Active Leader 19.03.4 +b85hxlixbr1mh1txd1hrfe4us *   manager.i2tch.loc   Ready               Active              Leader              19.03.4 
-4sui75vvdhmet4qvt0zbvzlzl worker1.i2tch.loc Ready Active 19.03.4 +4sui75vvdhmet4qvt0zbvzlzl     worker1.i2tch.loc   Ready               Active                                  19.03.4 
-lbjtg5o9kw3x6xg7frm07jfuw worker2.i2tch.loc Ready Active 19.03.4+lbjtg5o9kw3x6xg7frm07jfuw     worker2.i2tch.loc   Ready               Active                                  19.03.4
 </code> </code>
  
-Now download the **docker-stack.yml** file:+Now create the **docker-stack.yml** file:
  
 <code> <code>
-root@manager:~# curl -O https://raw.githubusercontent.com/docker/example-voting-app/master/docker-stack.yml +root@manager:~# vi docker-stack.yml
-  % Total % Received % Xferd Average Speed Time Time Time Current +
-                                 Dload Upload Total Spent Left Speed +
-100 1707 100 1707 0 0 2030 0 --:--:-- --:--:-- --:--:-- 2029 +
-</code>+
  
-View the uploaded file: 
- 
-<code> 
 root@manager:~# cat docker-stack.yml  root@manager:~# cat docker-stack.yml 
 version: "3" version: "3"
Ligne 1288: Ligne 1356:
 {{ :elearning:workbooks:docker2:tvl1m.png?nolink&400 |}} {{ :elearning:workbooks:docker2:tvl1m.png?nolink&400 |}}
  
-  **replicas** - specifies the number of replicas +  **replicas** - specifies the number of replicas 
-  **restart_policy** specifies what happens if the service is stopped. In the case above, docker will try to restart the service **3** times (**max_attempts**) at **10** second intervals (**delay**), waiting **120** seconds (**window**) each time to see if the service has actually restarted, +  **restart_policy** specifies what happens if the service is stopped. In the case above, docker will try to restart the service **3** times (**max_attempts**) at **10** second intervals (**delay**), waiting **120** seconds (**window**) each time to see if the service has actually restarted, 
-  **placement** - specifies where the service should be started.+  **placement** - specifies where the service should be started.
  
 Now deploy the stack: Now deploy the stack:
Ligne 1307: Ligne 1375:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important** - Note that each network and service has the application name **app** as its prefix. **Important** - Note that each network and service has the application name **app** as its prefix.
 </WRAP> </WRAP>
Ligne 1315: Ligne 1383:
 <code> <code>
 root@manager:~# docker stack ls root@manager:~# docker stack ls
-NAME SERVICES ORCHESTRATOR +NAME                SERVICES            ORCHESTRATOR 
-app 6 Swarm+app                                   Swarm
 </code> </code>
  
Ligne 1323: Ligne 1391:
 <code> <code>
 root@manager:~# docker service ls root@manager:~# docker service ls
-ID NAME MODE REPLICAS IMAGE PORTS +ID                  NAME                MODE                REPLICAS            IMAGE                                          PORTS 
-d0i4ac4fshw0 app_db replicated 1/1 postgres:9.4                                    +d0i4ac4fshw0        app_db              replicated          1/1                 postgres:9.4                                    
-funp5kboyip1 app_redis replicated 1/1 redis:alpine                                    +funp5kboyip1        app_redis           replicated          1/1                 redis:alpine                                    
-dpdkc49oj671 app_result replicated 1/1 dockersamples/examplevotingapp_result:before *:5001->80/tcp +dpdkc49oj671        app_result          replicated          1/1                 dockersamples/examplevotingapp_result:before   *:5001->80/tcp 
-vrkahv38v5mn app_visualizer replicated 1/1 dockersamples/visualizer:stable *:8080->8080/tcp +vrkahv38v5mn        app_visualizer      replicated          1/1                 dockersamples/visualizer:stable                *:8080->8080/tcp 
-t4u16cpdrx21 app_vote replicated 2/2 dockersamples/examplevotingapp_vote:before *:5000->80/tcp +t4u16cpdrx21        app_vote            replicated          2/2                 dockersamples/examplevotingapp_vote:before     *:5000->80/tcp 
-so40eljbcviy app_worker replicated 1/1 dockersamples/examplevotingapp_worker:latest  +so40eljbcviy        app_worker          replicated          1/1                 dockersamples/examplevotingapp_worker:latest  
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the **visualizer** service configuration has exposed port **8080**. This way, this service is available on port 8080 of every node in the swarm. **Important**: Note that the **visualizer** service configuration has exposed port **8080**. This way, this service is available on port 8080 of every node in the swarm.
 </WRAP> </WRAP>
  
-Return to the Apache Guacamole window in **your** computer's browser. Click on the **TraineeXX_VNC** connection. Then launch an Internet browser in the **debian9** virtual machine. Go to the URL http://10.0.2.62:8080 and consult the **visualizer** service: +Return to the Apache Guacamole window in **your** computer's browser. Click on the **Debian11_10.0.2.46_VNC** connection. Then launch an Internet browser. Go to the URL http://10.0.2.62:8080 and consult the **visualizer** service:
- +
-{{ :elearning:workbooks:docker:docker001.png?direct&600 |}}+
  
 {{ :elearning:workbooks:docker:docker001.png |}} {{ :elearning:workbooks:docker:docker001.png |}}
Ligne 1348: Ligne 1414:
 <code> <code>
 root@manager:~# docker network ls root@manager:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                               DRIVER              SCOPE 
-sw489bb290zb app_backend overlay swarm +sw489bb290zb        app_backend                        overlay             swarm 
-smuxoglyudpo app_default overlay swarm +smuxoglyudpo        app_default                        overlay             swarm 
-lfizui95od90 app_frontend overlay swarm +lfizui95od90        app_frontend                       overlay             swarm 
-24be8a0f0ef5 bridge bridge local +24be8a0f0ef5        bridge                             bridge              local 
-d4c9b0c9437a docker_gwbridge bridge local +d4c9b0c9437a        docker_gwbridge                    bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                               host                local 
-x7l4mk4ldb75 my-ingress overlay swarm +x7l4mk4ldb75        my-ingress                         overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                               null                local
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the three networks created are of type **overlay**. **Important**: Note that the three networks created are of type **overlay**.
 </WRAP> </WRAP>
Ligne 1365: Ligne 1431:
 <code> <code>
 root@worker1:~# docker network ls root@worker1:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-qhysvpoolsw0 app_frontend overlay swarm +qhysvpoolsw0        app_frontend        overlay             swarm 
-f9a69d02de3b bridge bridge local +f9a69d02de3b        bridge              bridge              local 
-ee22b3e623ca docker_gwbridge bridge local +ee22b3e623ca        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-x7l4mk4ldb75 my-ingress overlay swarm +x7l4mk4ldb75        my-ingress          overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that only the **app_frontend** network has been created in **worker1**. **Important**: Note that only the **app_frontend** network has been created in **worker1**.
 </WRAP> </WRAP>
Ligne 1380: Ligne 1446:
 <code> <code>
 root@worker2:~# docker network ls root@worker2:~# docker network ls
-NETWORK ID NAME DRIVER SCOPE +NETWORK ID          NAME                DRIVER              SCOPE 
-s4gbgi4isp1i app_backend overlay swarm +s4gbgi4isp1i        app_backend         overlay             swarm 
-qhysvpoolsw0 app_frontend overlay swarm +qhysvpoolsw0        app_frontend        overlay             swarm 
-0e6c118bf3fd bridge bridge local +0e6c118bf3fd        bridge              bridge              local 
-0ce1d8369c29 docker_gwbridge local bridge +0ce1d8369c29        docker_gwbridge     bridge              local 
-f3cb3bc3c581 host host local +f3cb3bc3c581        host                host                local 
-x7l4mk4ldb75 my-ingress overlay swarm +x7l4mk4ldb75        my-ingress          overlay             swarm 
-de563e30d473 none null local+de563e30d473        none                null                local
 </code> </code>
  
-<WRAP centre round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the two networks **app_frontend** and **app_backend** were created in **worker2**. **Important**: Note that the two networks **app_frontend** and **app_backend** were created in **worker2**.
 </WRAP> </WRAP>
Ligne 1466: Ligne 1532:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the network is **10.0.3.0/24** and the gateway **10.0.3.1**. **Important**: Note that the network is **10.0.3.0/24** and the gateway **10.0.3.1**.
 </WRAP> </WRAP>
Ligne 1539: Ligne 1605:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the network is **10.0.2.0/24** and the gateway **10.0.2.1**. **Important**: Note that the network is **10.0.2.0/24** and the gateway **10.0.2.1**.
 </WRAP> </WRAP>
Ligne 1604: Ligne 1670:
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP center round important 50%>
 **Important**: Note that the network is **10.0.1.0/24** and the gateway **10.0.1.1**. **Important**: Note that the network is **10.0.1.0/24** and the gateway **10.0.1.1**.
 </WRAP> </WRAP>
Ligne 1616: Ligne 1682:
 <code> <code>
 root@manager:~# docker stack ls root@manager:~# docker stack ls
-NAME SERVICES ORCHESTRATOR +NAME                SERVICES            ORCHESTRATOR 
-app 6 Swarm+app                                   Swarm 
 root@manager:~# docker stack rm app root@manager:~# docker stack rm app
 Removing service app_db Removing service app_db
Ligne 1628: Ligne 1695:
 Removing network app_backend Removing network app_backend
 Removing network app_default Removing network app_default
 +
 root@manager:~# docker ps -a root@manager:~# docker ps -a
-CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS                 NAMES 
-d02c6115724c alpine "/bin/sh" 6 days ago Exited (0) 6 days ago alpine1+d02c6115724c        alpine              "/bin/sh"                6 days ago          Exited (0) 6 days ago                               alpine1
 </code> </code>
  

Piste : Formatting Syntax DOF606 - Gestion du Réseau Overlay avec Docker en mode Swarm DOF203 - Gestion du Réseau avec Docker LCF311 - Validation de la Formation SO215 - Gestion des Serveurs de Base LCF606 - Gestion de la Sécurité RH13407 - Gestion des Machines Virtuelles avec KVM LCF300 - Présentation de la Formation VIC604 - Gestion des VMs et KVM RH12401 - File Hierarchy System

Menu