- Install on your localhost: latest Python 2, latest Docker, Ansible >= 2.4
$ pip install ansible
- Install Vagrant >= 2 and VirtualBox >= 5
There is no need to run $ cluster-cli.sh init
- Use Vagrant to bring up the virtual machines:
$ vagrant up --no-provision
- Use hosts.sandbox
$ cp hosts.sandbox hosts
- Use only the first step from Pre-request (TLS for dockerd).
- Then start from the Provision all nodes section
- Generate the TLS environment for dockerd. Fill the fields with any values
$ cd files; sh tls-docker-generate.sh
- Each cluster node has a private network with a known IP
- Configure the hosts file and place nodes in the related groups (config for each node: ssh, ip (preferably a private IP), maintainer_user, maintainer_group)
Init node (you can use Terraform instead):
- Create or Copy ssh keys
- Add maintainer user (with default password maintainer)
- Enable only ssh pub key login & change port to 16223 (default)
- Update & Upgrade packages
- Set up hostname and ansible inventory file
- Restart
$ ./cluster-cli.sh init IP NODENAME
NODENAME should be unique in the cluster.
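One way to verify the SSH hardening that the init step applies (public-key login only, port 16223), as an added example that is not part of this project's code. The function name `check_sshd_config` is hypothetical and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the state the init step describes
# (public-key login only, sshd on port 16223). The function name is hypothetical.
check_sshd_config() {   # usage: check_sshd_config FILE [PORT]; returns 0 if compliant
    awk -v want="${2:-16223}" '
        BEGIN {   # OpenSSH defaults that apply when a keyword is absent
            val["passwordauthentication"] = "yes"
            val["pubkeyauthentication"] = "yes"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
            key = tolower(f[1]); v = tolower(f[2])
            if (key == "match") { inmatch = 1; next }
            if (inmatch) {                         # conditional overrides
                if (key == "passwordauthentication" && v != "no") matchpw = 1
                next
            }
            if (key == "port") ports[++n] = v      # Port may repeat; all are used
            else if ((key in val) && !(key in seen)) {
                val[key] = v; seen[key] = 1        # otherwise first value wins
            }
        }
        END {
            if (n == 0) ports[++n] = "22"          # default port
            for (i = 1; i <= n; i++) if (ports[i] != want) {
                print "FAIL: sshd listens on port " ports[i] ", expected " want; rc = 1
            }
            if (val["passwordauthentication"] != "no") {
                print "FAIL: PasswordAuthentication is not disabled"; rc = 1
            }
            if (val["pubkeyauthentication"] != "yes") {
                print "FAIL: PubkeyAuthentication is not enabled"; rc = 1
            }
            if (matchpw) { print "FAIL: a Match block re-enables password login"; rc = 1 }
            if (!rc) print "OK: public-key-only login on port " want
            exit rc + 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real host).
good=$(mktemp); bad=$(mktemp)
printf '%s\n' 'Port 16223' 'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$good"
printf '%s\n' 'Port 16223' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
    'Match User deploy' '    PasswordAuthentication yes' > "$bad"
check_sshd_config "$good" || true
check_sshd_config "$bad" || true
```

On a live node, `sshd -T` prints the effective configuration with Include files resolved; its output saved to a file can be passed to the same function.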
$ ./cluster-cli.sh provision-all
- Install utils
- Basic ufw configuration
- Install docker, docker-compose
$ ./cluster-cli.sh firewall
- Allow traffic between nodes in private network
- Specify hostname and related ip in hosts on all nodes
$ ./cluster-cli.sh swarm
- Init and join manager nodes
- Init and join worker nodes
$ ./cluster-cli.sh ssh NODENAME
$ ./cluster-cli.sh docker NODENAME
Apply DOCKER_HOST env variable, and use remote docker on your localhost
Add new swarm node
- Init node by
$ ./cluster-cli.sh init IP NODENAME
- Execute
$ ./cluster-cli.sh provision NODENAME
- Execute
$ ./cluster-cli.sh firewall
- Execute
$ ./cluster-cli.sh swarm
Remove swarm node
- Try to stop / disable / remove services (you may need to move special service data to other node(s)).
- Remove the swarm node from the cluster by executing
$ docker swarm leave --force
on the node that needs to be removed from the cluster.
- Add the removed node to the group [removed_nodes_from_cluster] in the hosts file.
- Execute
$ ./cluster-cli.sh firewall
To deploy Redis or Mongo in HA/FT mode, you should specify labels for nodes:
- For redis
$ docker node update node_name.... --label-add com.secrettech.db.redis.index=#
(#=1,2,3); 3 nodes are needed
- For mongo
$ docker node update node_name.... --label-add com.secrettech.db.mongo.index=#
(#=1,2,3); 3 nodes are needed
Use stacks folder.
- portainer (to control swarm cluster through ui)
- ingress-proxy (to have access services by url (host, path))
- deploy-helper (to simplify stacks (redis, mongo, auth/verify, applications) deployments)
- stack-examples (standalone stack examples)