1、环境准备​ 本文中的案例会有四台机器，他们的Host和IP地址如下c1 -> 10.0.0.31c2 -> 10.0.0.32c3 -> 10.0.0.33c4 -> 10.0.0.34​ 四台机器的host以c1为例：[root[@c1](https://my.oschina.net/streetc) ~]# cat /etc/hosts127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4#::1         localhost localhost.localdomain localhost6 localhost6.localdomain610.0.0.31 c110.0.0.32 c210.0.0.33 c310.0.0.34 c41.1、Centos 7 64位安装​ 以c1安装为示例，安装过程中使用英文版本,然后点击continue​ 点击LOCALIZATION下面的Data & Time,然后选择Asia/shanghai时区,点击Done.​​ 点击SYSTEM下面的INSTALLATION DESTINATION，选择你的硬盘后，在下面的单选框中，选择I will configure partitioning点击Done,我们来自定义硬盘和分区​ 点击Click here to create them automatically，系统会自动帮我们创建出推荐的分区格式。​ 我们将/home的挂载点删除掉，统一加到点/，文件类型是xfs，使用全部的硬盘空间,点击Update Settings，确保后面软件有足够的安装空间。 最后点击左上角的Done按钮xfs是在Centos7.0开始提供的，原来的ext4虽然稳定，但最多只能有大概40多亿文件，单个文件大小最大只能支持到16T(4K block size) 的话。而XFS使用64位管理空间，文件系统规模可以达到EB级别。用于正式生产的服务器，切记必须把数据盘单独分区，防止系统出问题时，保证数据的完整性。比如可以再划分一个，/data专门用来存放数据。​ 在弹出的窗口中点击Accept Changes​ 点击下图中的位置，设置机器的Host Name，这里我们安装机器的Host Name为c1​ 最后点击右下角的Begin Installation，过程中可以设置root的密码，也可以创建其他用户1.2、网络配置​ 以下以c1为例[root[@c1](https://my.oschina.net/streetc) ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0TYPE=EthernetBOOTPROTO=static     #启用静态IP地址DEFROUTE=yesPEERDNS=yesPEERROUTES=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_PEERDNS=yesIPV6_PEERROUTES=yesIPV6_FAILURE_FATAL=noNAME=eth0UUID=e57c6a58-1951-4cfa-b3d1-cf25c4cdebddDEVICE=eth0ONBOOT=yes  #开启自动启用网络连接IPADDR0=192.168.0.31    #设置IP地址PREFIXO0=24 #设置子网掩码GATEWAY0=192.168.0.1    #设置网关DNS1=192.168.0.1    #设置DNSDNS2=8.8.8.8​ 重启网络：[root[@c1](https://my.oschina.net/streetc) ~]# service network restart​ 更改源为阿里云[root[@c1](https://my.oschina.net/streetc) ~]# yum install -y wget[root[@c1](https://my.oschina.net/streetc) ~]# cd /etc/yum.repos.d/[root@c1 yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak[root@c1 yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo[root@c1 yum.repos.d]# wget http://mirrors.163.com/.help/CentOS7-Base-163.repo[root@c1 yum.repos.d]# yum clean all[root@c1 yum.repos.d]# yum makecache​ 安装网络工具包和基础工具包[root@c1 ~]# yum install net-tools checkpolicy gcc dkms foomatic openssh-server bash-completion -y1.3、更改hostname​ 在四台机器上依次设置hostname，以下以c1为例[root@localhost ~]# hostnamectl --static set-hostname c1[root@localhost ~]# hostnamectl status   Static hostname: c1         Icon name: computer-vm           Chassis: vm        Machine ID: e4ac9d1a9e9b4af1bb67264b83da59e4           Boot ID: a128517ed6cb41d083da61de5951a109    Virtualization: kvm  Operating System: CentOS Linux 7 (Core)       CPE OS Name: cpe:/o:centos:centos:7            Kernel: Linux 3.10.0-327.36.3.el7.x86_64      Architecture: x86-641.4、配置ssh免密码登录登录​ 先后在四台机器分别执行,以c1为例[root@c1 ~]# ssh-keygen#一路按回车到最后​ 在免登录端修改配置文件[root@c1 ~]# vi /etc/ssh/sshd_config#找到以下内容，并去掉注释符#　　RSAAuthentication yes　　PubkeyAuthentication yes　　AuthorizedKeysFile  .ssh/authorized_keys​ 将ssh-keygen生成的密钥，分别复制到其他三台机器，以下以c1为例[root@c1 ~]# ssh-copy-id c1The authenticity of host 'c1 (10.0.0.31)' can't be established.ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@c1's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'c1'"and check to make sure that only the key(s) you wanted were added.[root@c1 ~]# ssh-copy-id c2The authenticity of host 'c2 (10.0.0.32)' can't be established.ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@c2's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'c2'"and check to make sure that only the key(s) you wanted were added.[root@c1 ~]# ssh-copy-id c3The authenticity of host 'c3 (10.0.0.33)' can't be established.ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@c3's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'c3'"and check to make sure that only the key(s) you wanted were added.[root@c1 ~]# ssh-copy-id c4The authenticity of host 'c4 (10.0.0.34)' can't be established.ECDSA key fingerprint is 22:84:fe:22:c2:e1:81:a6:77:d2:dc:be:7b:b7:bf:b8.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@c4's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'c4'"and check to make sure that only the key(s) you wanted were added.​ 测试密钥是否配置成功[root@c1 ~]# for N in $(seq 1 4); do ssh c$N hostname; done;c1c2c3c4​ 安装ntp时间同步工具和git[root@c1 ~]# for N in $(seq 1 4); do ssh c$N yum install ntp git -y; done;2、安装Docker1.12.3和初步配置​ 可以直接在github上获取Docker各个版本包：https://github.com/docker/docker/releases​ 链接中提供了所有的Docker核心包：http://yum.dockerproject.org/repo/main/centos/7/Packages/​2.1、安装Docker1.12.3​ 不建议直接使用Docker官方的docker yum源进行安装，因为会依据系统版本去选择Docker版本，不能指定相应的版本进行选择安装。在四台机器上依次执行下面的命令，可以将下面的命令，直接复制粘贴到命令行中mkdir -p ~/_src \&& cd ~/_src \&& wget http://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.12.3-1.el7.centos.noarch.rpm \&& wget http://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.12.3-1.el7.centos.x86_64.rpm \&& wget http://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-debuginfo-1.12.3-1.el7.centos.x86_64.rpm \&& yum localinstall -y docker-engine-selinux-1.12.3-1.el7.centos.noarch.rpm docker-engine-1.12.3-1.el7.centos.x86_64.rpm docker-engine-debuginfo-1.12.3-1.el7.centos.x86_64.rpm2.2、 验证Docker是否安装成功​ Centos7中Docker1.12中默认使用Docker作为客户端程序，使用dockerd作为服务端程序。[root@c1 _src]# docker versionClient: Version:      1.12.3 API version:  1.24 Go version:   go1.6.3 Git commit:   6b644ec Built: OS/Arch:      linux/amd64Cannot connect to the Docker daemon. Is the docker daemon running on this host?2.3、启动Docker daemon程序​ 在Docker1.12中，默认的daemon程序是dockerd，可以执行dockerd或者使用系统自带systemd去管理服务。但是需要注意的是，默认用的都是默认的参数，比如私有网段默认使用172.17.0.0/16 ，网桥使用docker0等等[root@c1 _src]# dockerdINFO[0000] libcontainerd: new containerd process, pid: 6469WARN[0000] containerd: low RLIMIT_NOFILE changing to max  current=1024 max=4096WARN[0001] devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section.WARN[0001] devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem  will be ignored.INFO[0001] [graphdriver] using prior storage driver "devicemapper"INFO[0001] Graph migration to content-addressability took 0.00 secondsWARN[0001] mountpoint for pids not foundINFO[0001] Loading containers: start.INFO[0001] Firewalld running: trueINFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP addressINFO[0001] Loading containers: done.INFO[0001] Daemon has completed initializationINFO[0001] Docker daemon                                 commit=6b644ec graphdriver=devicemapper version=1.12.3INFO[0001] API listen on /var/run/docker.sock2.3、通过系统自带的systemctl启动docker，并启动docker服务[root@c1 _src]# systemctl enable docker && systemctl start dockerCreated symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.使用dockerd --help查看启动参数[root@c1 _src]# dockerd --helpUsage: dockerd [OPTIONS]A self-sufficient runtime for containers.Options:  --add-runtime=[]                         Register an additional OCI compatible runtime  --api-cors-header                        Set CORS headers in the remote API  --authorization-plugin=[]                Authorization plugins to load  -b, --bridge          #指定容器使用的网络接口，默认为docker0，也可以指定其他网络接口--bip                 #指定桥接地址，即定义一个容器的私有网络--cgroup-parent       #为所有的容器指定父cgroup--cluster-advertise   #为集群设定一个地址或者名字--cluster-store       #后端分布式存储的URL--cluster-store-opt=map[]  #设置集群存储参数--config-file=/etc/docker/daemon.json  #指定配置文件-D                    #启动debug模式--default-gateway     #为容器设定默认的ipv4网关(--default-gateway-v6)--dns=[]              #设置dns--dns-opt=[]          #设置dns参数--dns-search=[]       #设置dns域--exec-opt=[]         #运行时附加参数--exec-root=/var/run/docker  #设置运行状态文件存储目录--fixed-cidr          #为ipv4子网绑定ip-G, --group=docker    #设置docker运行时的属组-g, --graph=/var/lib/docker  #设置docker运行时的家目录-H, --host=[]         #设置docker程序启动后套接字连接地址--icc=true            #是内部容器可以互相通信，环境中需要禁止内部容器访问--insecure-registry=[] #设置内部私有注册中心地址--ip=0.0.0.0          #当映射容器端口的时候默认的ip(这个应该是在多主机网络的时候会比较有用)--ip-forward=true     #使net.ipv4.ip_forward生效，其实就是内核里面forward--ip-masq=true        #启用ip伪装技术(容器访问外部程序默认不会暴露自己的ip)--iptables=true       #启用容器使用iptables规则-l, --log-level=info  #设置日志级别--live-restore        #启用热启动(重启docker，保证容器一直运行1.12新特性)--log-driver=json-file  #容器日志默认的驱动--max-concurrent-downloads=3  #为每个pull设置最大并发下载--max-concurrent-uploads=5    #为每个push设置最大并发上传--mtu                   #设置容器网络的MTU--oom-score-adjust=-500  #设置内存oom的平分策略(-1000/1000)-p, --pidfile=/var/run/docker.pid  #指定pid所在位置-s, --storage-driver     #设置docker存储驱动--selinux-enabled        #启用selinux的支持--storage-opt=[]         #存储参数驱动--swarm-default-advertise-addr  #设置swarm默认的node节点--tls                    #使用tls加密--tlscacert=~/.docker/ca.pem  #配置tls CA 认证--tlscert=~/.docker/cert.pem  #指定认证文件--tlskey=~/.docker/key.pem    #指定认证keys--userland-proxy=true         #为回环接口使用用户代理--userns-remap                #为用户态的namespaces设定用户或组2.4、修改docker的配置文件​ 以下以c1为例，在ExecStart后面加上我们自定义的参数，其中三台机器也要做同步修改[root@c1 ~]# vi /lib/systemd/system/docker.service[Unit]Description=Docker Application Container EngineDocumentation=https://docs.docker.comAfter=network.target[Service]Type=notify# the default is not to use systemd for cgroups because the delegate issues still# exists and systemd currently does not support the cgroup feature set required# for containers run by docker# Overlayfs跟AUFS很像，但是性能比AUFS好，有更好的内存利用。# 加上阿里云的docker加速ExecStart=/usr/bin/dockerd -s=overlay --registry-mirror=https://7rgqloza.mirror.aliyuncs.com --insecure-registry=localhost:5000 -H unix:///var/run/docker.sock --pidfile=/var/run/docker.pidExecReload=/bin/kill -s HUP $MAINPID# Having non-zero Limit*s causes performance problems due to accounting overhead# in the kernel. We recommend using cgroups to do container-local accounting.LimitNOFILE=infinityLimitNPROC=infinityLimitCORE=infinity# Uncomment TasksMax if your systemd version supports it.# Only systemd 226 and above support this version.#TasksMax=infinityTimeoutStartSec=0# set delegate yes so that systemd does not reset the cgroups of docker containersDelegate=yes# kill only the docker process, not all processes in the cgroupKillMode=process[Install]WantedBy=multi-user.target重启docker服务，以保证新的配置生效[root@c1 ~]# systemctl daemon-reload && systemctl restart docker.service3、创建swarm 集群10.0.0.31 (hostname:c1)作为swarm manager110.0.0.32 (hostname:c2)做为swarm manager210.0.0.33 (hostname:c3)做为swarm agent110.0.0.34 (hostname:c4)做为swarm agent23.1、开放firewall防火墙端口​ 在配置集群前要先开放防火墙的端口，将下面的命令，复制、粘贴到4台机器的命令行中执行。firewall-cmd --zone=public --add-port=2377/tcp --permanent && \firewall-cmd --zone=public --add-port=7946/tcp --permanent && \firewall-cmd --zone=public --add-port=7946/udp --permanent && \firewall-cmd --zone=public --add-port=4789/tcp --permanent && \firewall-cmd --zone=public --add-port=4789/udp --permanent && \firewall-cmd --reload ​ 以c1为例，查看端口开放情况[root@c1 ~]# firewall-cmd --list-ports4789/tcp 4789/udp 7946/tcp 2377/tcp 7946/udp3.2、设置swarm集群并将其他3台机器添加到集群​ 在c1上初始化swarm集群，用--listen-addr指定监听的ip与端口[root@c1 ~]# docker swarm init --listen-addr 0.0.0.0Swarm initialized: current node (73ju72f6nlyl9kiib7z5r0bsk) is now a manager.To add a worker to this swarm, run the following command:    docker swarm join \    --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-4f1xl8ici0o32qfyru9y6wepv \    10.0.0.31:2377To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.使用docker swarm join-token manager可以查看加入为swarm manager的token​ 查看结果，可以看到我们现在只有一个节点[root@c1 ~]# docker node lsID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS3ju72f6nlyl9kiib7z5r0bsk *  c1        Ready   Active        Leader​ 通过以下命令，我们将另外3台机器，加入到集群中，将下面的命令，复制、粘贴到c1的命令行中for N in $(seq 2 4); \do ssh c$N \docker swarm join \--token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-4f1xl8ici0o32qfyru9y6wepv \10.0.0.31:2377 \;done​ 再次查看集群节点情况，可以看到其他机器已经添加到集群中,并且c1是leader状态[root@c1 ~]# docker node lsID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUSqn7aw9ihbjphtnm1toaoevq8    c4        Ready   Activecxm0w5j3x4mqrj8f1kdrgln5 *  c1        Ready   Active        Leaderwqpz2v3b71q0ohzdifi94ma9    c2        Ready   Activet9ceme3w14o4gfnljtfrkpgp    c3        Ready   Active​ 将c2也设置为集群的主节点，先在c1上查看加入到主节点的token[root@c1 ~]# docker swarm join-token managerTo add a manager to this swarm, run the following command:    docker swarm join \    --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-b7k3agnzez1bjj3nfz2h93xh0 \    10.0.0.31:2377​ 根据c1的token信息，我们先在c2上脱离集群，再将c2加入到管理者[root@c2 ~]# docker swarm leaveNode left the swarm.[root@c2 ~]# docker swarm join \>     --token SWMTKN-1-47dxwelbdopq8915rjfr0hxe6t9cebsm0q30miro4u4qcwbh1c-b7k3agnzez1bjj3nfz2h93xh0 \>     10.0.0.31:2377This node joined a swarm as a manager.​ 这时我们在c1和c2任意一台机器，输入docker node ls都能够看到最新的集群节点状态，这时c2的MANAGER STATUS已经变为了Reachable[root@c1 ~]# docker node lsID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUSqn7aw9ihbjphtnm1toaoevq8    c4        Ready   Activecxm0w5j3x4mqrj8f1kdrgln5 *  c1        Ready   Active        Leaderwqpz2v3b71q0ohzdifi94ma9    c2        Down    Activet9ceme3w14o4gfnljtfrkpgp    c3        Ready   Activeai6peof1e9wyovp8uxn5b2ufe    c2        Ready   Active        Reachable因为之前我们是使用docker swarm leave，所以早期的c2的状态是Down，可以通过 docker node rm 
    
     命令删除掉3.3、创建一个overlay 网络​ 单台服务器的时候我们应用所有的容器都跑在一台主机上, 所以容器之间的网络是能够互通的. 现在我们的集群有4台主机，如何保证不同主机之前的docker是互通的呢？​ swarm集群已经帮我们解决了这个问题了,就是只用overlay network.​ 在docker 1.12以前, swarm集群需要一个额外的key-value存储(consul, etcd etc). 来同步网络配置, 保证所有容器在同一个网段中. 在docker 1.12已经内置了这个存储, 集成了overlay networks的支持.​ 查看原有网络[root@c1 ~]# docker network lsNETWORK ID          NAME                DRIVER              SCOPE23ee2bb5a2a1        bridge              bridge              localfd17ed8db4d8        docker_gwbridge     bridge              local6878c36aa311        host                host                local08tt2s4pqf96        ingress             overlay             swarm7c18e57e24f2        none                null                local可以看到在swarm上默认已有一个名为ingress的overlay 网络,默认在swarm里使用，本文会创建一个新的​ 创建一个名为idoall-org的overlay网络[root@c1 ~]# docker network create --subnet=10.0.9.0/24 --driver overlay idoall-orge63ca0d7zcbxqpp4svlv5x04v[root@c1 ~]# docker network lsNETWORK ID          NAME                DRIVER              SCOPE5e47ba02a985        bridge              bridge              localfd17ed8db4d8        docker_gwbridge     bridge              local6878c36aa311        host                host                locale63ca0d7zcbx        idoall-org          overlay             swarm08tt2s4pqf96        ingress             overlay             swarm7c18e57e24f2        none                null                local新的网络(idoall-org)已创建--subnet 用于指定创建overlay网络的网段，也可以省略此参数​ 可以使用docker network inspect idoall-org查看我们添加的网络信息[root@c1 ~]# docker network inspect idoall-org[    {        "Name": "idoall-org",        "Id": "e63ca0d7zcbxqpp4svlv5x04v",        "Scope": "swarm",        "Driver": "overlay",        "EnableIPv6": false,        "IPAM": {            "Driver": "default",            "Options": null,            "Config": [                {                    "Subnet": "10.0.9.0/24",                    "Gateway": "10.0.9.1"                }            ]        },        "Internal": false,        "Containers": null,        "Options": {            "com.docker.network.driver.overlay.vxlanid_list": "257"        },        "Labels": null    }]3.4、在网络上运行容器用alpine镜像在idoall-org网络上启动3个实例[root@c1 ~]# docker service create --name idoall-org-test-ping --replicas 3 --network=idoall-org alpine ping baidu.comavcrdsntx8b8ei091lq5cl76y[root@c1 ~]# docker service ps idoall-org-test-pingID                         NAME                    IMAGE   NODE  DESIRED STATE  CURRENT STATE           ERROR42vigh5lxkvgge9zo27hfah88  idoall-org-test-ping.1  alpine  c4    Running        Starting 1 seconds agoaovr8r7r7lykzmxqs30e8s4ee  idoall-org-test-ping.2  alpine  c3    Running        Starting 1 seconds agoc7pv2o597qycsqzqzgjwwtw8b  idoall-org-test-ping.3  alpine  c1    Running        Running 3 seconds ago可以看到3个实例，分别部署在c1、c3、c4三台机器上也可以使用--mode golbal 指定service运行在每个swarm节点上，稍后会有介绍3.5、扩展(Scaling)应用​ 假设在程序运行的时候，发现资源不够用，我们可以使用scale进行扩展，现在有3个实例，我们更改为4个实例[root@c1 ~]# docker service scale idoall-org-test-ping=4idoall-org-test-ping scaled to 4[root@c1 ~]# docker service ps idoall-org-test-pingID                         NAME                    IMAGE   NODE  DESIRED STATE  CURRENT STATE          ERROR42vigh5lxkvgge9zo27hfah88  idoall-org-test-ping.1  alpine  c4    Running        Running 4 minutes agoaovr8r7r7lykzmxqs30e8s4ee  idoall-org-test-ping.2  alpine  c3    Running        Running 4 minutes agoc7pv2o597qycsqzqzgjwwtw8b  idoall-org-test-ping.3  alpine  c1    Running        Running 4 minutes ago72of5dfm67duccxsdyt1e25qd  idoall-org-test-ping.4  alpine  c2    Running        Running 1 seconds ago3.6、对service服务进行指定运行​ 在上面的案例中，不管你的实例是几个，是由swarm自动调度定义执行在某个节点上。我们可以通过在创建service的时候可以使用--constraints参数，来对service进行限制，例如我们指定一个服务在c4上运行：[root@c1 ~]# docker service create \--network idoall-org \--name idoall-org \--constraint 'node.hostname==c4' \-p 9000:9000 \idoall/golang-revel服务启动以后，通过浏览http://10.0.0.31:9000/，或者31-34的任意IP,都可以看到效果，Docker Swarm会自动做负载均衡，稍后会介绍关于Docker Swarm的负载均衡​ 由于各地的网络不同，下载镜像可能有些慢，可以使用下面的命令，对命名为idoall-org的镜像进行监控[root@c1 ~]# watch docker service ps idoall-org​ 除了hostname也可以使用其他节点属性来创建约束表达式写法参见下表:节点属性 匹配 示例node.id 节点 ID node.id == 2ivku8v2gvtg4node.hostname 节点 hostname node.hostname != c2node.role 节点 role: manager node.role == managernode.labels 用户自定义 node labels node.labels.security == highengine.labels Docker Engine labels engine.labels.operatingsystem == ubuntu 14.04​ 我们也可以通过docker node update命令，来为机器添加label，例如:[root@c1 ~]# docker node update --label-add site=idoall-org c1[root@c2 ~]# docker node inspect c1[    {        "ID": "4cxm0w5j3x4mqrj8f1kdrgln5",        "Version": {            "Index": 108        },        "CreatedAt": "2016-12-11T11:13:32.495274292Z",        "UpdatedAt": "2016-12-11T12:00:05.956367412Z",        "Spec": {            "Labels": {                "site": "idoall-org"...]​ 对于已有service, 可以通过docker service update,添加constraint配置, 例如：[root@c1 ~]# docker service update registry --constraint-add 'node.labels.site==idoall-org'3.7、测试docker swarm网络是否能互通​ 在c1上执行[root@c1 ~]# docker ps -aCONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMESc683692b0153        alpine:latest       "ping baidu.com"    25 minutes ago      Up 25 minutes                                   idoall-org-test-ping.4.c7pv2o597qycsqzqzgjwwtw8b[root@c1 ~]# docker exec -it 47e5 sh/ # ping idoall-org.1.9ne6hxjhvneuhsrhllykrg7zmPING idoall-org.1.9ne6hxjhvneuhsrhllykrg7zm (10.0.9.8): 56 data bytes64 bytes from 10.0.9.8: seq=0 ttl=64 time=1.080 ms64 bytes from 10.0.9.8: seq=1 ttl=64 time=1.349 ms64 bytes from 10.0.9.8: seq=2 ttl=64 time=1.026 msidoall-org.1.9ne6hxjhvneuhsrhllykrg7zm是容器在c4上运行的名称在使用exec进入容器的时候，可以只输入容器id的前4位​ 在c4上执行[root@c4 ~]# docker ps -aCONTAINER ID        IMAGE                                        COMMAND                  CREATED              STATUS              PORTS               NAMES1ead9bb757a0        idoall/docker-golang1.7.4-revel0.13:latest   "/usr/bin/supervisord"   About a minute ago   Up 58 seconds                           idoall-org.1.9ne6hxjhvneuhsrhllykrg7zm033531b30b79        alpine:latest                                "ping baidu.com"         About a minute ago   Up About a minute                       idoall-org-test-ping.1.6st5xvehh7c3bwaxsen3r4gpn[root@c2 ~]# docker exec -it f49c435c94ea shbash-4.3# ping idoall-org-test-ping.4.cirnop0kxbuxiyjh87ii6hh4xPING idoall-org-test-ping.4.cirnop0kxbuxiyjh87ii6hh4x (10.0.9.6): 56 data bytes64 bytes from 10.0.9.6: seq=0 ttl=64 time=0.531 ms64 bytes from 10.0.9.6: seq=1 ttl=64 time=0.700 ms64 bytes from 10.0.9.6: seq=2 ttl=64 time=0.756 ms3.8、测试dokcer swarm自带的负载均衡​ 使用--mode global参数，在每个节点上创建一个web服务[root@c1 ~]# docker service create --name whoami --mode global -p 8000:8000 jwilder/whoami1u87lrzlktgskt4g6ae30xzb8[root@c1 ~]# docker service ps whoamiID                         NAME        IMAGE           NODE  DESIRED STATE  CURRENT STATE           ERRORcjf5w0pv5bbrph2gcvj508rvj  whoami      jwilder/whoami  c2    Running        Running 16 minutes agodokh8j4z0iuslye0qa662axqv   \_ whoami  jwilder/whoami  c3    Running        Running 16 minutes agodumjwz4oqc5xobvjv9rosom0w   \_ whoami  jwilder/whoami  c1    Running        Running 16 minutes agobbzgdau14p5b4puvojf06gn5s   \_ whoami  jwilder/whoami  c4    Running        Running 16 minutes ago​ 在任意一台机器上执行以下命令，可以发现，每次获取到的都是不同的值，超过4次以后，会继续轮询到第1台机器[root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000I'm 8c2eeb5d420f[root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000I'm 0b56c2a5b2a4[root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000I'm 000982389fa0[root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000I'm db8d3e839de5[root@c1 ~]# curl $(hostname --all-ip-addresses | awk '{print $1}'):8000I'm 8c2eeb5d420f扩展阅读