Let us get started by setting up a fresh Docker Datacenter (DDC) environment. I am going to use 6 node instances on Google Cloud Platform to share my experience with the DDC UI.
Built-in Docker 1.12 Swarm Mode Capabilities:
Run the below command on the first node where we are going to install Docker CS Engine.
$ sudo curl -SLf https://packages.docker.com/1.12/install.sh | sh
Next, it's time to install UCP:
$ sudo docker run --rm -it \
    --name ucp \
    -v /var/run/docker.sock:/var/run/docker.sock \
    docker/ucp install \
    --host-address 10.140.0.5 \
    --interactive
This brings up the UCP UI as shown below. Kudos to the Docker UCP Team for “a very lightweight UI” with the latest release.
Docker Inc. provides you with a 30-day trial license once you register for Docker Datacenter. Upload the license accordingly.
Once you log in, you will see that you have a Swarm Mode cluster already initialized.
I was interested to see how easy it is to add nodes to the cluster. Click on Add Nodes > Select nodes as either Manager or Worker based on your requirement. The Docker UCP Team has done a great job in providing features like “--advertise-addr” to build up the cluster in a few seconds.
It took just 5 minutes to bring up a 6-node cluster.
Please ensure that the following ports are not blocked by a firewall.
HTTP Routing Mesh & Load Balancing
Let us try out another interesting new feature – Routing Mesh. It makes use of load-balancing (LB) concepts. It provides a global published port for a given service. The routing mesh uses port-based service discovery and load balancing. So to reach any service from outside the cluster, you need to expose ports and reach them via the Published Port.
Docker 1.12 Engine creates an “ingress” overlay network to achieve the routing mesh. Usually the frontend web service and sandbox are part of the “ingress” network and take care of the routing mesh. All nodes become part of the “ingress” overlay network by default, using the sandbox network namespace created inside each node.
Let us try to set up a simple WordPress application and see how Routing Mesh works.
i. Create a network called “collabnet”. UCP Team has done a great job in covering almost all the features which we use under CLI option.
As shown below, a network “collabnet” with the scope “swarm” gets created:
ii. Creating a wordpress application
Typically, while creating a frontend service with the name “wordpressapp”, we run the below command. If you want to pass the same parameters through the UCP UI, it's a matter of just a few seconds:
$ sudo docker service create --env WORDPRESS_DB_HOST=wordpressdb1 --env WORDPRESS_DB_PASSWORD=collab123 --network collabnet --replicas 4 --name wordpressapp --publish 80:80/tcp wordpress:latest
Let us enable Routing Mesh as shown below:
Once Routing Mesh is enabled, you can access the service from any node, even if that particular node is not running any container which serves the WordPress application. Let us try accessing it from worker-5 as shown below:
Cool.. Routing Mesh just works flawlessly.
Integrating Notary Installation and HA as part of DTR:
Installing DTR is a matter of a single one-liner command as shown below:
Setting up Centralized Logging through UCP
Under admin settings > Logs section, one can supply the rsyslog server details to push all the cluster logs to a centralized location.
TLS Mutual Authentication and Encryption:
The UCP Team has done another great job in including the TLS mutual authentication and encryption feature to secure communications between itself and all other nodes. There is also cert rotation, which is awesome, especially from a compliance point of view. The TLS encryption also ensures that the nodes are connecting to the correct managers in the swarm.
Rotation
Join tokens are secrets that allow a node to join the swarm. There are two different join tokens available, one for the worker role and one for the manager role. One usually passes the token using the --token flag when running swarm join. Nodes use the join token only when they join the swarm. One can view or rotate the join tokens using swarm join-token. We now have these features available right under Docker Datacenter as shown below:
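The same rotation from the CLI on a manager node, as an added example that is not part of the original post or of Docker's own tooling. The function names and the `--run` switch are assumptions made for this example; it confirms that each token really changed and never prints the token itself, since it is a secret.

```shell
#!/bin/sh
# Added example: rotate swarm join tokens and confirm the old ones were replaced.
# Run on a manager node. Tokens are secrets, so they are never printed.

# rotate_join_token ROLE   (ROLE is "worker" or "manager")
# Returns 0 if the token changed, 1 on a docker error,
# 2 if the token did not change, 64 on a bad role.
rotate_join_token() {
    role=$1
    case $role in
        worker|manager) ;;
        *) echo "usage: rotate_join_token worker|manager" >&2; return 64 ;;
    esac
    # -q prints only the token, without the full "docker swarm join" hint.
    old=$(docker swarm join-token -q "$role") || return 1
    new=$(docker swarm join-token --rotate -q "$role") || return 1
    if [ -z "$new" ] || [ "$new" = "$old" ]; then
        echo "$role: token was NOT replaced" >&2
        return 2
    fi
    echo "$role: join token rotated"
}

# rotate_all_join_tokens: rotate both roles; non-zero if either one failed.
rotate_all_join_tokens() {
    rc=0
    for r in worker manager; do
        rotate_join_token "$r" || rc=$?
    done
    return $rc
}

# Only act when invoked explicitly, e.g.: sh rotate-tokens.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_all_join_tokens
fi
```

Rotating a token does not affect nodes that have already joined; only nodes joining afterwards need the new value.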
Raft Consensus, Orchestrator & Dispatcher specific Changes:
One of the compelling features introduced in the latest Docker Datacenter is the capability to alter and control Raft consensus parameters, along with orchestration and dispatcher-specific settings. These features were enabled in the recent 1.12.2 release and have been put under the docker swarm update command as shown below:
--snapshot-interval is an important parameter for performance tuning, while --dispatcher-heartbeat controls the heartbeat period, which defaults to 5 seconds.
In a future post, I am going to talk about DTR, Docker Compose V2 specific examples and cluster configuration under the latest Docker Datacenter.