Notes: Docker Swarm

July 28, 2020

Docker Swarm is a container orchestration tool, meaning that it allows the user to manage multiple containers deployed across multiple host machines. […] Once a group of machines have been clustered together, you can still run the Docker commands that you’re used to, but they will now be carried out by the machines in your cluster.

Two aspects of Swarm: the Secure cluster and the Orchestrator

When you run docker swarm init on a single Docker node:

  1. The node changes from “single-engine” mode to “swarm” mode
  2. The node becomes the first Manager of the swarm
  3. The node automatically becomes the Leader of the swarm
  4. A client certificate is issued for it
  5. A Cluster store is created
  6. A set of cryptographic tokens is created, one for joining new managers and another for joining new workers

In a cluster with multiple managers:

  • Only one manager is the Leader. Other managers are the Follower managers
  • If you issue commands to a Follower manager in the cluster, the command is proxied to the Leader
  • If the leader fails, an Election occurs and a new Leader is elected. The new leader is elected by Raft consensus
  • Network between the manager nodes must be fast and reliable (avoid spreading them across different regions)

When you join a Worker into the cluster:

  • It gets a full list of IPs for the managers
  • Workers in a cluster can run different operating systems (Windows and Linux mixed)
  • Workers don’t have access to the Cluster store
  • Workers get a certificate

In the output of docker system info, the line Swarm: inactive tells you that you are running in single-engine mode.

Lock a Swarm with Autolock

  • Prevents restarted Managers from automatically re-joining the Swarm.
  • Disabled by default
  • docker swarm init --autolock for new Swarms
  • docker swarm update --autolock=true for existing Swarms

If you restart Docker (service docker restart), the Swarm will need to be unlocked before it can be used. Unlocking the swarm requires the lock key.
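
An added example, not part of the original notes: a small shell audit that turns the states described above (single-engine mode, autolock off by default, locked after a restart) into findings. The function names are hypothetical; the docker info template fields and docker swarm unlock are assumed to behave as in current Docker Engine releases.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.

# classify_swarm_state STATE IS_MANAGER AUTOLOCK
# Prints a finding; returns 0 = nothing to do, 1 = action needed, 2 = unknown.
classify_swarm_state() {
    state=$1; is_manager=$2; autolock=$3
    case "$state" in
        inactive)
            echo "single-engine mode: node is not in a swarm"; return 0 ;;
        locked)
            # A restarted manager with autolock on stays here until unlocked.
            echo "manager is locked: run 'docker swarm unlock' and supply the lock key"
            return 1 ;;
        active)
            if [ "$is_manager" != "true" ]; then
                echo "worker: autolock only applies to managers"; return 0
            fi
            if [ "$autolock" = "true" ]; then
                echo "manager: autolock enabled"; return 0
            fi
            echo "manager: autolock disabled (the default); enable with 'docker swarm update --autolock=true'"
            return 1 ;;
        *)
            echo "unrecognised swarm state: $state"; return 2 ;;
    esac
}

# Read the three fields from the local engine and classify them.
check_local_node() {
    s=$(docker info --format '{{.Swarm.LocalNodeState}}') || return 2
    m=$(docker info --format '{{.Swarm.ControlAvailable}}') || return 2
    # Assumption: the cluster spec is not readable on workers or locked
    # managers, so a failed lookup is treated as empty.
    a=$(docker info --format '{{.Swarm.Cluster.Spec.EncryptionConfig.AutoLockManagers}}' 2>/dev/null) || a=""
    classify_swarm_state "$s" "$m" "$a"
}

# Constructed sample values, so the script runs without a Docker daemon.
# On a real node, call check_local_node instead.
for sample in "inactive false -" "active true false" "active true true" "locked false -" "active false -"; do
    set -- $sample
    classify_swarm_state "$1" "$2" "$3" || true
done
```

A non-zero return from check_local_node on a manager means either autolock is still at its default or the node is waiting for the lock key.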

Sources: [1]

© 2017 - 2020 Ruan Martinelli.