How to Deploy Hashicorp's Vault and Consul with Docker Swarm

Let's look at how to deploy Hashicorp's Vault and Consul to DigitalOcean with Docker Swarm.

Once done, you will be able to:

  1. Provision hosts on DigitalOcean with Docker Machine
  2. Configure a Docker Swarm cluster to run on DigitalOcean
  3. Run Vault and Consul on Docker Swarm

Main dependencies:

  • Docker v20.10.8
  • Docker Compose v1.29.2
  • Docker Machine v0.16.2
  • Vault v1.8.3
  • Consul v1.10.3

Consul

Create a new project directory:

$ mkdir vault-consul-swarm && cd vault-consul-swarm

Then, add a docker-compose.yml file to the project root:

version: "3.8"

services:

  # First server; it waits for three servers before electing a leader.
  # Port 8500 (Consul HTTP API and UI) is published through the Swarm
  # ingress, so it is reachable on every node's public IP.
  server-bootstrap:
    image: consul:1.10.3
    ports:
      - 8500:8500
    command: "agent -server -bootstrap-expect 3 -ui -client 0.0.0.0 -bind '{{ GetInterfaceIP \"eth0\" }}'"

  # Two more servers that join via the bootstrap service's DNS name on the overlay.
  server:
    image: consul:1.10.3
    command: "agent -server -retry-join server-bootstrap -client 0.0.0.0 -bind '{{ GetInterfaceIP \"eth0\" }}'"
    deploy:
      replicas: 2
    depends_on:
      - server-bootstrap

  # Non-voting client agents that forward requests to the servers.
  client:
    image: consul:1.10.3
    command: "agent -retry-join server-bootstrap -client 0.0.0.0 -bind '{{ GetInterfaceIP \"eth0\" }}'"
    deploy:
      replicas: 2
    depends_on:
      - server-bootstrap

# All services attach to a pre-created, attachable overlay network named "core".
networks:
  default:
    external: true
    name: core

This config should look familiar.

  1. For more on using compose files in Docker Swarm mode, see the Compose File section of the Running Flask on Docker Swarm blog post.
  2. Review the Consul and Docker guide for more info on the above Consul config.

Docker Swarm

Sign up for a DigitalOcean account (if you don't already have one), and then generate an access token so you can access the DigitalOcean API. Treat the token as a credential: it grants API control over your account.

Add the token to your environment:

$ export DIGITAL_OCEAN_ACCESS_TOKEN=[your_digital_ocean_token]

Spin up three droplets (note that the --engine-install-url script installs Docker Engine 19.03.9 on the droplets):

$ for i in 1 2 3; do
    docker-machine create \
      --driver digitalocean \
      --digitalocean-region "nyc1" \
      --digitalocean-image=debian-10-x64 \
      --engine-install-url "https://releases.rancher.com/install-docker/19.03.9.sh" \
      --digitalocean-access-token $DIGITAL_OCEAN_ACCESS_TOKEN \
      node-$i;
done

Initialize Swarm mode on the first node, node-1:

$ docker-machine ssh node-1 -- docker swarm init --advertise-addr $(docker-machine ip node-1)

Add the remaining two nodes to the Swarm as workers, using the join token from the output of the previous command:

$ for i in 2 3; do
    docker-machine ssh node-$i -- docker swarm join --token YOUR_JOIN_TOKEN HOST:PORT;
done

For example:

for i in 2 3; do
    docker-machine ssh node-$i -- docker swarm join --token SWMTKN-1-18xrfgcgq7k6krqr7tvav3ydx5c5104y662lzh4pyct2t0ror3-e3ed1ggivhf8z15i40z6x55g5 67.205.165.166:2377;
done

You should see:

This node joined a swarm as a worker.
This node joined a swarm as a worker.

Point the Docker client at node-1's daemon, create an attachable overlay network (called core), and deploy the stack:

$ eval $(docker-machine env node-1)
$ docker network create -d overlay --attachable core
$ docker stack deploy --compose-file=docker-compose.yml secrets

List out the services in the stack:

$ docker stack ps -f "desired-state=running" secrets

You should see something similar to:

ID             NAME                         IMAGE           NODE     DESIRED STATE   CURRENT STATE
b5f5eycrhf3o   secrets_client.1             consul:1.10.3   node-1   Running         Running 7 seconds ago
zs7a5t8khcew   secrets_server.1             consul:1.10.3   node-2   Running         Running 9 seconds ago
qnhtlan6m0sp   secrets_server-bootstrap.1   consul:1.10.3   node-1   Running         Running 7 seconds ago
u61eycesmsl7   secrets_client.2             consul:1.10.3   node-2   Running         Running 9 seconds ago
vgpql8lfy5fi   secrets_server.2             consul:1.10.3   node-3   Running         Running 9 seconds ago

Grab the IP associated with node-1:

$ docker-machine ip node-1

Then, test out the Consul UI in your browser at http://YOUR_MACHINE_IP:8500/ui. Under Services, the consul service should show three instances (the three servers), and under Nodes there should be five nodes (three servers and two clients).

Keep in mind that port 8500 is published through the Swarm ingress, so the Consul HTTP API and UI are reachable on the public IP of every droplet, with no ACLs and no TLS: anyone who finds the port can read and write the KV store that Vault will shortly use as its storage backend. That is acceptable for a throwaway walkthrough, not for anything else.

[Screenshot: Consul UI, Services tab]

[Screenshot: Consul UI, Nodes tab]

Vault

Add a vault service to docker-compose.yml, under services. (Note that docker stack deploy ignores depends_on in Swarm mode, so it documents intent only; the original fragment also referenced a non-existent consul service, corrected here to server-bootstrap.)

  vault:
    image: vault:1.8.3
    deploy:
      replicas: 1
    ports:
      - 8200:8200
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
      - VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"http://server-bootstrap:8500","path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}},"ui":true, "disable_mlock":true}
    command: server
    depends_on:
      - server-bootstrap

Take note of the VAULT_LOCAL_CONFIG environment variable:

{
  "backend": {
    "consul": {
      "address": "http://server-bootstrap:8500",
      "path": "vault/"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "ui": true,
  "disable_mlock": true
}

Review the Consul Backend section from the Managing Secrets with Vault and Consul blog post for more info. Also, setting disable_mlock to true is not recommended for production environments; however, it must be enabled here since --cap-add (needed for IPC_LOCK) is not available in Docker Swarm mode. See the following GitHub issues for details:

  1. --cap-add=IPC_LOCK not available in docker swarm
  2. Missing Swarmmode --cap-add

Likewise, tls_disable: 1 means every Vault token and secret crosses the network in cleartext on port 8200, which the ingress publishes on each node's public address. Like the open Consul port above, this is acceptable only for a demo.
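As an added example (not from the original post), here is the same VAULT_LOCAL_CONFIG with the two weak settings corrected: TLS enabled on the listener and a Consul ACL token on the storage backend, so that Consul can run with ACLs in default-deny mode. The certificate and key paths (Docker secrets mounted under /run/secrets) and the token placeholder are assumptions; storage is the current name of the deprecated backend key; disable_mlock stays true because of the Swarm limitation just described.

```json
{
  "storage": {
    "consul": {
      "address": "http://server-bootstrap:8500",
      "path": "vault/",
      "token": "REPLACE-WITH-A-CONSUL-ACL-TOKEN-SCOPED-TO-THE-vault/-PREFIX"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_cert_file": "/run/secrets/vault_cert",
      "tls_key_file": "/run/secrets/vault_key"
    }
  },
  "ui": true,
  "disable_mlock": true
}
```

The token must carry a Consul policy that permits writes under the vault/ key prefix, the vault service registration and sessions (the exact policy is listed in Vault's Consul storage backend docs). Once Consul itself serves HTTPS, add "scheme": "https" to the consul block as well, and update VAULT_ADDR to https://. Vault encrypts everything before it reaches Consul, so the ACL token is about availability and integrity of the storage, not confidentiality of the secrets.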

Test

Re-deploy the stack:

$ docker stack deploy --compose-file=docker-compose.yml secrets

Give the services a few seconds to spin up, then check the status:

$ docker stack ps -f "desired-state=running" secrets

Again, you should see something similar to:

ID             NAME                         IMAGE           NODE      DESIRED STATE   CURRENT STATE
xtfsetfrbrs7   secrets_client.1             consul:1.10.3   node-3    Running         Running 19 minutes ago
ydqxexgiyzb2   secrets_client.2             consul:1.10.3   node-1    Running         Running 19 minutes ago
izlku3y6j8rp   secrets_server-bootstrap.1   consul:1.10.3   node-2    Running         Running 19 minutes ago
zqpkcrhrix2x   secrets_server.1             consul:1.10.3   node-1    Running         Running 19 minutes ago
kmlxuhxw1akv   secrets_server.2             consul:1.10.3   node-2    Running         Running 19 minutes ago
wfmscoj53m39   secrets_vault.1              vault:1.8.3     node-3    Running         Running about a minute ago

Next, make sure Vault is listed in the Services section of the Consul UI:

[Screenshot: Consul UI, Services tab, with vault registered]

You should now be able to interact with Vault via the CLI, HTTP API, and UI. Start by initializing and unsealing the Vault. Then, log in and create a new secret.
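The initialize, unseal and write-a-secret steps just mentioned, carried out against the HTTP API as an added example; this is not code from the original post or from HashiCorp. It assumes a freshly deployed, not-yet-initialized Vault reachable at VAULT_ADDR (default http://127.0.0.1:8200, matching the compose file) and uses only the Python standard library. The five-share/three-threshold split, the secret/ KV mount and the sample secret are assumptions, and SAMPLE_INIT is a constructed response used only for offline checks.

```python
"""Initialize and unseal Vault over its HTTP API, then store one secret.

Added example for this post; not code from the original article or from
HashiCorp. Assumes a freshly deployed, not-yet-initialized Vault at
VAULT_ADDR (default http://127.0.0.1:8200, as in the compose file) and uses
only the standard library. Share split, KV mount and sample secret are
assumptions.
"""
import json
import os
import urllib.request

VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")


def vault_url(path, addr=VAULT_ADDR):
    """Build a v1 API URL; tolerates a trailing slash on the address."""
    return f"{addr.rstrip('/')}/v1/{path.lstrip('/')}"


def request(method, path, body=None, token=None):
    """One JSON round trip to Vault; raises urllib.error.HTTPError on 4xx/5xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(vault_url(path), data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if token:
        req.add_header("X-Vault-Token", token)  # how Vault authenticates API calls
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def shares_for_unseal(init_response, threshold):
    """Pick the smallest set of key shares that reaches the unseal threshold.

    `init_response` is the body returned by PUT /v1/sys/init (fields
    keys_base64 and root_token). Any threshold-sized subset of the shares
    unseals Vault, so the first `threshold` shares are used here.
    """
    shares = init_response["keys_base64"]
    if len(shares) < threshold:
        raise ValueError(f"need {threshold} shares, have {len(shares)}")
    return shares[:threshold]


def init_vault(shares=5, threshold=3):
    """Initialize Vault. The shares and root token are returned exactly once:
    hand them to separate custodians instead of leaving them on the host."""
    return request("PUT", "sys/init",
                   {"secret_shares": shares, "secret_threshold": threshold})


def unseal(shares):
    """Submit shares one at a time until Vault reports sealed == False."""
    status = {"sealed": True}
    for share in shares:
        status = request("PUT", "sys/unseal", {"key": share})
        if not status["sealed"]:
            break
    return status


def enable_kv(token, mount="secret"):
    """A non-dev server mounts no KV engine by default; enable KV v2 at `mount`."""
    request("POST", f"sys/mounts/{mount}",
            {"type": "kv", "options": {"version": "2"}}, token)


def put_secret(token, path, data, mount="secret"):
    """Write a KV v2 secret; v2 expects the payload wrapped in a "data" key."""
    return request("POST", f"{mount}/data/{path}", {"data": data}, token)


# Constructed sample in the shape of the /sys/init response (offline checks only).
SAMPLE_INIT = {
    "keys_base64": ["c2hhcmUtMQ==", "c2hhcmUtMg==", "c2hhcmUtMw==",
                    "c2hhcmUtNA==", "c2hhcmUtNQ=="],
    "root_token": "hvs.constructed-sample-root-token",
}


def bootstrap(threshold=3):
    """Init, unseal, mount KV v2 and write one secret; returns the root token."""
    init = init_vault(shares=5, threshold=threshold)
    status = unseal(shares_for_unseal(init, threshold))
    if status["sealed"]:
        raise RuntimeError("Vault is still sealed after submitting the threshold")
    root = init["root_token"]
    enable_kv(root)
    put_secret(root, "foo", {"bar": "precious"})
    return root


if __name__ == "__main__":
    print("root token:", bootstrap())
```

Run it against the stack with VAULT_ADDR=http://YOUR_MACHINE_IP:8200 (the file name is yours to choose). The root token that init returns has unrestricted privileges; beyond a demo, use it only to set up auth methods and policies, then revoke it, and never keep the threshold number of shares in one place.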

Remove the nodes once done:

$ docker-machine rm node-1 node-2 node-3 -y

Automation Script

Finally, let's create a quick script to automate the deployment process:

  1. Provision three DigitalOcean droplets with Docker Machine
  2. Configure Docker Swarm mode
  3. Add the nodes to the Swarm
  4. Deploy the stack

Add a new file called deploy.sh to the project root:

#!/bin/bash

# Abort on the first failing command or unset variable, so a half-built
# swarm is never silently deployed to.
set -eu

: "${DIGITAL_OCEAN_ACCESS_TOKEN:?export DIGITAL_OCEAN_ACCESS_TOKEN first}"


echo "Spinning up three droplets..."

for i in 1 2 3; do
  docker-machine create \
    --driver digitalocean \
    --digitalocean-region "nyc1" \
    --digitalocean-image=debian-10-x64 \
    --engine-install-url "https://releases.rancher.com/install-docker/19.03.9.sh" \
    --digitalocean-access-token "$DIGITAL_OCEAN_ACCESS_TOKEN" \
    node-$i;
done


echo "Initializing Swarm mode..."

docker-machine ssh node-1 -- docker swarm init --advertise-addr "$(docker-machine ip node-1)"


echo "Adding the nodes to the Swarm..."

# `join-token -q` prints only the worker token, which is less fragile than
# grepping the human-readable output.
TOKEN=$(docker-machine ssh node-1 docker swarm join-token -q worker)

for i in 2 3; do
  docker-machine ssh node-$i \
    -- docker swarm join --token "${TOKEN}" "$(docker-machine ip node-1):2377";
done


echo "Creating networking..."

eval "$(docker-machine env node-1)"
docker network create -d overlay --attachable core


echo "Deploying the stack..."

docker stack deploy --compose-file=docker-compose.yml secrets

Try it out!

$ sh deploy.sh

Bring down the droplets once done:

$ docker-machine rm node-1 node-2 node-3 -y

The code can be found in the vault-consul-swarm repo. Cheers!

Source: https://testdriven.io

#docker #vault 


Posted by Audra Haag (timestamp 1660582680)