Docker 集群管理

docker systemd unit file

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket

[Service]
#Environment=HTTP_PROXY=10.48.127.169:8080 HTTPS_PROXY=10.48.127.169:8080
ExecStart=/usr/bin/docker -d -H unix:///var/run/docker.sock -H 0.0.0.0:4243
LimitNOFILE=1048576
LimitNPROC=1048576
EnvironmentFile=/lib/systemd/system/docker_env

[Install]
WantedBy=multi-user.target

Docker 环境配置

vim /lib/systemd/system/docker_env

HTTP_PROXY=http://10.48.127.169:8080
HTTPS_PROXY=http://10.48.127.169:8080
NO_PROXY="10.58.9.82,10.58.9.84"

etcd是一个高可用的键值存储系统，主要用于共享配置和服务发现。etcd是由CoreOS开发并维护的，灵感来自于 ZooKeeper 和 Doozer，它使用Go语言编写，并通过Raft一致性算法处理日志复制以保证强一致性。Raft是一个来自Stanford的新的一致性算法，适用于分布式系统的日志复制，Raft通过选举的方式来实现一致性，在Raft中，任何一个节点都可能成为Leader。Google的容器集群管理系统Kubernetes、开源PaaS平台Cloud Foundry和CoreOS的Fleet都广泛使用了etcd。

安装

git clone https://github.com/coreos/etcd.git
cd /usr/local/etcd
./bulid
ln -s /usr/local/etcd/bin/etcd /usr/local/bin/

官网建议使用0.4.6版

cd /usr/local/etcd
git checkout -b v0.4.6
./build

安装etcdctl

git clone https://github.com/coreos/etcdctl.git
cd /usr/local/etcdctl/
./build
ln -s /usr/local/etcdctl/bin/etcdctl /usr/local/bin/

配置

etcd discovery

etcd -name discovery -peer-addr 10.58.9.85:8001 -peer-bind-addr 10.58.9.85:8001 -addr 10.58.9.85:5001 -bind-addr 10.58.9.85:5001 -data-dir /home/discovery -discovery=""

etcd services

vim /etc/etcd/etcd.conf

addr = "10.58.9.82:4001"
bind_addr = "0.0.0.0"
#change to every member's client IP and port 
ca_file = ""
cert_file = ""
cors = []
cpu_profile_file = ""
data_dir = "/home/etcd/machine"
#specify data directory
discovery = "http://10.58.9.85:5001/v2/keys/discovery"
#configure to discovery cluster's ip + cluster ID
http_read_timeout = 10.0
http_write_timeout = 10.0
key_file = ""
peers = []
peers_file = ""
max_cluster_size = 9
max_result_buffer = 1024
max_retry_attempts = 3
name = "Peer-82"
#change name
snapshot = true
verbose = false
very_verbose = false

[peer]
addr = "10.58.9.82:7001"
bind_addr = "0.0.0.0"
#change to every member's peer IP and port 
ca_file = ""
cert_file = ""
key_file = ""

[cluster]
active_size = 9
remove_delay = 1800.0
sync_interval = 5.0

启动etcd

etcd -config=/etc/etcd/etcd.conf

测试

curl -L http://127.0.0.1:4001/v2/keys/message -XPUT -d value="Hello world"
curl http://127.0.0.1:4001/v2/keys/message

使用systemd unit file启动

vim /lib/systemd/system/etcd-discovery.service

[Unit]
Description=Etcd Discovery Server
After=network.target

[Service]
Environment="ETCD_ADDR=10.58.9.85:5001"
Environment="ETCD_BIND_ADDR=0.0.0.0"
Environment="ETCD_DATA_DIR=/home/etcd/discovery"
Environment="ETCD_HTTP_READ_TIMEOUT=10.0"
Environment="ETCD_HTTP_WRITE_TIMEOUT=10.0"
Environment="ETCD_DISCOVERY="
Environment="ETCD_MAX_CLUSTER_SIZE=9"
Environment="ETCD_MAX_RESULT_BUFFER=1024"
Environment="ETCD_MAX_RETRY_ATTEMPTS=3"
Environment="ETCD_NAME=etcd-discovery"
Environment="ETCD_SNAPSHOT=true"
Environment="ETCD_VERBOSE=false"
Environment="ETCD_VERY_VERBOSE=false"
Environment="ETCD_PEER_ADDR=10.58.9.85:8001"
Environment="ETCD_PEER_BIND_ADDR=0.0.0.0"
Environment="ETCD_CLUSTER_ACTIVE_SIZE=9"
Environment="ETCD_CLUSTER_REMOVE_DELAY=1800.0"
Environment="ETCD_CLUSTER_SYNC_INTERVAL=5.0"

# etc logs to the journal directly, suppress double logging
#StandardOutput=null
#WorkingDirectory=/home/etcd/discovery
ExecStart=/usr/local/bin/etcd

[Install]
WantedBy=multi-user.target

vim /lib/systemd/system/etcd.service

[Unit]
Description=Etcd Server
After=network.target
#Requires=etcd-discovery.service

[Service]
Environment="ETCD_ADDR=10.58.9.85:4001"
Environment="ETCD_BIND_ADDR=0.0.0.0"
Environment="ETCD_DATA_DIR=/home/etcd/machine"
Environment="ETCD_HTTP_READ_TIMEOUT=10.0"
Environment="ETCD_HTTP_WRITE_TIMEOUT=10.0"
Environment="ETCD_DISCOVERY=http://10.58.9.85:5001/v2/keys/discovery"
Environment="ETCD_MAX_CLUSTER_SIZE=9"
Environment="ETCD_MAX_RESULT_BUFFER=1024"
Environment="ETCD_MAX_RETRY_ATTEMPTS=3"
Environment="ETCD_NAME=peer-85"
Environment="ETCD_SNAPSHOT=true"
Environment="ETCD_VERBOSE=false"
Environment="ETCD_VERY_VERBOSE=false"
Environment="ETCD_PEER_ADDR=10.58.9.85:7001"
Environment="ETCD_PEER_BIND_ADDR=0.0.0.0"
Environment="ETCD_CLUSTER_ACTIVE_SIZE=9"
Environment="ETCD_CLUSTER_REMOVE_DELAY=1800.0"
Environment="ETCD_CLUSTER_SYNC_INTERVAL=5.0"

# etc logs to the journal directly, suppress double logging
#StandardOutput=null
#WorkingDirectory=/home/etcd/discovery
ExecStart=/usr/local/bin/etcd

[Install]
WantedBy=multi-user.target

systemctl enable etcd-discovery.service
systemctl daemon-reload
systemctl start etcd-discovery.service
systemctl stop etcd-discovery.service

systemctl enable etcd.service
systemctl daemon-reload
systemctl start etcd.service
systemctl stop etcd.service

etcdctl 命令

查看所有根节点

etcdctl ls --recursive

删除指定节点

etcdctl rm fleet --recursive

安装fleet

git clone https://github.com/coreos/fleet.git
cd fleet
./build
ln -s /usr/local/fleet/bin/fleetd /usr/local/bin/
ln -s /usr/local/fleet/bin/fleetctl /usr/local/bin/

生成dbus machine-id

http://dbus.freedesktop.org/doc/dbus-uuidgen.1.html

dbus-uuidgen > /var/lib/dbus/machine-id
ln -s /var/lib/dbus/machine-id /etc/machine-id

systemd fleet 启动

vim /lib/systemd/system/fleet.service

[Unit]
Description=Fleet Server
After=network.target
Requires=etcd.service

[Service]
Environment="FLEET_ETCD_SERVERS=http://10.58.9.85:4001"
Environment="FLEET_ETCD_REQUEST=2.0"
Environment="FLEET_VERBOSITY=0"
#Environment="FLEET_PUBLIC_IP=10.58.9.85"
Environment="FLEET_METADATA='role=default'"
Environment="FLEET_ETCD_KEY_PREFIX=fleet"

ExecStart=/usr/local/bin/fleetd

[Install]
WantedBy=multi-user.target

systemctl enable fleet.service
systemctl start fleet.service

fleetctl 命令

fleetctl --debug --endpoint=http://10.58.9.85:4001 --etcd-key-prefix=/fleet/ list-machines
fleetctl --debug --endpoint=http://10.58.9.85:4001 --etcd-key-prefix=/fleet/ submit tickler.1.service 
fleetctl --debug --endpoint=http://10.58.9.85:4001 --etcd-key-prefix=/fleet/ list-unit-files
fleetctl --debug --endpoint=http://10.58.9.85:4001 --etcd-key-prefix=/fleet/ start tickler.1.service
fleetctl --debug --endpoint=http://10.58.9.85:4001 --etcd-key-prefix=/fleet/ status tickler.1.service
fleetctl --debug --endpoint=http://10.58.9.85:4001 --etcd-key-prefix=/fleet/ journal tickler.1.service

fleet API

vim /lib/systemd/system/fleet.socket

[Socket]
# Talk to the API over a Unix domain socket (default)
#ListenStream=/var/run/fleet.sock
# Talk to the API over an exposed port, uncomment to enable and choose a port
ListenStream=127.0.0.1:49155
Service=fleet.service

[Install]
WantedBy=sockets.target

systemctl daemon-reload
systemctl start fleet.socket
systemctl start fleet.service

Command	Desired State	Valid Previous States
`fleetctl submit`	`inactive`	`(unknown)`
`fleetctl load`	`loaded`	`(unknown)` or `inactive`
`fleetctl start`	`launched`	`(unknown)` or `inactive` or `loaded`
`fleetctl stop`	`loaded`	`launched`
`fleetctl unload`	`inactive`	`launched` or `loaded`
`fleetctl destroy`	`(unknown)`	`launched` or `loaded` or `inactive`