# Docker "Swarm Mode" Lab

Based on Mario's gist here: https://gist.github.com/l0rd/5186cc80f8f26dc7e9490abca4405830

# Requirements
- Docker 1.12
- Docker machine
- Virtualbox

# Create 3 nodes for your swarm cluster (one master and 2 slaves)

We will create 3 nodes using docker-machine/virtualbox.

#### NOTE:
You may see errors as below, and an error reported by "docker-machine ls", leave some time for the swmaster1 to settle.

In the meantime you can go ahead and create the 2 swnode's below.

In [None]:
. ~/.docker.rc

In [11]:
MACHINE_DRIVER=virtualbox

#MACHINE_DRIVER=digitalocean
#MACHINE_DRIVER=azure
#MACHINE_DRIVER=google

cleanup_machines() { docker-machine rm -f swmaster1 swnode1 swnode2; }

time_before() { BEFORE=$(date +%s); }
time_after()  { AFTER=$(date +%s);  let TOOK=AFTER-BEFORE; echo "Command <$*> took $TOOK secs to complete"; }

create_machine() {
    local DRIVER=$1; shift
    local NODE=$1; shift
    
    time_before
        
    local CMD="docker-machine create -d $DRIVER $NODE"
    echo "Running command <$CMD> ..."
    $CMD

    time_after ""$CMD""
}
create_machine_m1() {
    create_machine $MACHINE_DRIVER swmaster1
}

create_machine_1() {
    create_machine $MACHINE_DRIVER swnode1
}

create_machine_2() {
    create_machine $MACHINE_DRIVER swnode2
}

create_machines() {
    create_machine_m1
    create_machine_m2
    create_machine_m3
}

Let's cleanup any remaining machines, if they exist already ..

In [None]:
docker-machine ls

In [None]:
cleanup_machines;

In [None]:
VBoxManage list runningvms

docker-machine ls

Now let's create our new nodes

**NOTE:** You may see some worrying messages from "*docker-machine ls*" but wait a minute or two until the node creation is complete

In [12]:
create_machine_m1

Running ommand <docker-machine create -d virtualbox swmaster1> ...
Running pre-create checks...
Creating machine...
(swmaster1) Copying /home/mjb/.docker/machine/cache/boot2docker.iso to /home/mjb/.docker/machine/machines/swmaster1/boot2docker.iso...
(swmaster1) Creating VirtualBox VM...
(swmaster1) Creating SSH key...
(swmaster1) Starting the VM...
(swmaster1) Check network to re-create if needed...
(swmaster1) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env swmaster1
Command <docker-machin

After creation of a node you should see something like the following from "*docker-machine ls*"

In [5]:
docker-machine ls

NAME        ACTIVE   DRIVER       STATE     URL                         SWARM   DOCKER        ERRORS
swmaster1   -        virtualbox   Running   tcp://192.168.99.100:2376           v17.05.0-ce   


In [6]:
create_machine_1

+ docker-machine create -d virtualbox swnode1
Running pre-create checks...
Creating machine...
(swnode1) Copying /home/mjb/.docker/machine/cache/boot2docker.iso to /home/mjb/.docker/machine/machines/swnode1/boot2docker.iso...
(swnode1) Creating VirtualBox VM...
(swnode1) Creating SSH key...
(swnode1) Starting the VM...
(swnode1) Check network to re-create if needed...
(swnode1) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env swnode1
+ set +x


In [7]:
VBoxManage list runningvms

docker-machine ls

NAME        ACTIVE   DRIVER       STATE     URL                         SWARM   DOCKER        ERRORS
swmaster1   -        virtualbox   Running   tcp://192.168.99.100:2376           v17.05.0-ce   
swnode1     -        virtualbox   Running   tcp://192.168.99.101:2376           v17.05.0-ce   


In [8]:
create_machine_2

+ docker-machine create -d virtualbox swnode2
Running pre-create checks...
Creating machine...
(swnode2) Copying /home/mjb/.docker/machine/cache/boot2docker.iso to /home/mjb/.docker/machine/machines/swnode2/boot2docker.iso...
(swnode2) Creating VirtualBox VM...
(swnode2) Creating SSH key...
(swnode2) Starting the VM...
(swnode2) Check network to re-create if needed...
(swnode2) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env swnode2
+ set +x


In [14]:
docker-machine ls

NAME        ACTIVE   DRIVER       STATE     URL                         SWARM   DOCKER        ERRORS
swmaster1   -        virtualbox   Running   tcp://192.168.99.103:2376           v17.05.0-ce   
swnode1     -        virtualbox   Running   tcp://192.168.99.101:2376           v17.05.0-ce   
swnode2     -        virtualbox   Running   tcp://192.168.99.102:2376           v17.05.0-ce   


In [15]:
VBoxManage list runningvms

"swnode1" {05f8c2c6-bf59-4780-9277-3d8cf57b4beb}
"swnode2" {10fa4567-d545-4b2d-903c-184381d22094}
"swmaster1" {576f28c7-796e-47d4-a1b1-55dada4bba14}


# swarm init

Now that we have 3 nodes available, we will initialize our Swarm Cluster with 1 master node.

### Directing the docker client to a particular nodes' docker daemon
**NOTE**: See that we precede all docker commands with $(docker-machine config NODE) where node is the name of the node to which we want our docker client to connect to.  This command returns the parameters to direct our client to the appropriate node.  Run alone this produces:

In [16]:
docker-machine config swmaster1

--tlsverify
--tlscacert="/home/mjb/.docker/machine/machines/swmaster1/ca.pem"
--tlscert="/home/mjb/.docker/machine/machines/swmaster1/cert.pem"
--tlskey="/home/mjb/.docker/machine/machines/swmaster1/key.pem"
-H=tcp://192.168.99.103:2376


We can also obtain these values as environment variables

In [17]:
docker-machine env swmaster1

export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.103:2376"
export DOCKER_CERT_PATH="/home/mjb/.docker/machine/machines/swmaster1"
export DOCKER_MACHINE_NAME="swmaster1"
# Run this command to configure your shell: 
# eval $(docker-machine env swmaster1)


Including these parameters on the docker command line will connect the client to the docker daemon running on node '*swmaster1*'.

### Networks before creation of swarm cluster
Before going further let's look at the networks on your machine.

Later, we'll see how a new network is created once the swarm cluster has been created.

In [18]:
docker $(docker-machine config swmaster1) network ls

NETWORK ID          NAME                DRIVER              SCOPE
07a2fc987f6d        bridge              bridge              local
89cf8f9a6cb6        host                host                local
ade5bd0c96a2        none                null                local


Now let's identify the ip address of our master node.

We can see this through config or ip commands of docker-machine as shown below.

In [19]:
docker-machine ip swmaster1

192.168.99.103


We could then provide the above ip address as parameter to --advertise-addr when initializing the swarm.

However, it is quite convenient to run the above commands embedded, as below, as arguments to the swarm init command.

docker-machine config swmaster1 provides the parameters to use when connecting to the appropriate docker engine for our machine "swmaster1".

The following command will run swarm init to generate the cluster with 'swmaster1' as the Master node.
You should see output similar to the below:

In [20]:
docker $(docker-machine config swmaster1) swarm init --advertise-addr $(docker-machine ip swmaster1)

Swarm initialized: current node (tv3cvlut0s1vpibv61ked34xb) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-3v4dzhfl6hmlohnkov02991x9c9mg3ozj20nojidm6dm67nupo-ev2e3cxpcuqlvmze4hzag7ry8 \
    192.168.99.103:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.



A docker info should now show "Swarm: active" as below:

In [21]:
docker $(docker-machine config swmaster1) info

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 17.05.0-ce
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 0
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: active
 NodeID: tv3cvlut0s1vpibv61ked34xb
 Is Manager: true
 ClusterID: qeg4jvqdm5tmntjrvzud2obfo
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
 Node Address: 192.168.99.103
 Manager Addresses:
  192.168.99.103:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9048e5e50717ea4497b757314bad98ea3763c145
runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228
init version: 949e6fa
Security Options:
 s

If we look at the networks we should now see new networks such as '*ingress*' an overlay network and docker_gwbridge for the swarm cluster.

In [22]:
docker $(docker-machine config swmaster1) network ls

NETWORK ID          NAME                DRIVER              SCOPE
07a2fc987f6d        bridge              bridge              local
85bd2a222153        docker_gwbridge     bridge              local
89cf8f9a6cb6        host                host                local
icyizc63uwwf        ingress             overlay             swarm
ade5bd0c96a2        none                null                local


# swarm join

Now we wish to join Master and Worker nodes to our swarm cluster, to do this we need to obtain the token generated during the "swarm init".

Let's save that token to an environment variable as follows:

In [24]:
worker_token=$(docker $(docker-machine config swmaster1) swarm join-token worker -q)

In [25]:
echo $worker_token

SWMTKN-1-3v4dzhfl6hmlohnkov02991x9c9mg3ozj20nojidm6dm67nupo-ev2e3cxpcuqlvmze4hzag7ry8


Now we can use this token to join nodes as a worker to this cluster

Note: we could also join nodes as Master, but we have only 3 nodes available.

Let's join swnode1 as a worker node

In [26]:
docker $(docker-machine config swnode1) swarm join --token $worker_token $(docker-machine ip swmaster1):2377

This node joined a swarm as a worker.


Now we can use the same token to join node swnode2 as a worker node


In [27]:
docker $(docker-machine config swnode2) swarm join --token $worker_token $(docker-machine ip swmaster1):2377

This node joined a swarm as a worker.


# start service

First we check for any running services - there should be none in our newly initialized cluster:

In [28]:
docker $(docker-machine config swmaster1) service ls

ID                  NAME                MODE                REPLICAS            IMAGE


Now we will create a new service based on the docker image mjbright/docker-demo

We will expose this service on port 8080


In [29]:
docker $(docker-machine config swmaster1) service create --replicas 1 --name docker-demo -p 8080:8080 mjbright/docker-demo:20

wixwvwblvyqfrwrv65z7bx2u4


Now we list services again and we should see our newly added docker-demo service

In [30]:
docker $(docker-machine config swmaster1) service ls

ID                  NAME                MODE                REPLICAS            IMAGE
wixwvwblvyqf        docker-demo         replicated          0/1                 mjbright/docker-demo:20


it may take a few seconds until the service has a running container (see REPLICAS column) especially if the container image has not yet been downloaded

In [31]:
docker $(docker-machine config swmaster1) service ls

ID                  NAME                MODE                REPLICAS            IMAGE
wixwvwblvyqf        docker-demo         replicated          1/1                 mjbright/docker-demo:20


... and we can look at the service as seen by the cluster:

In [32]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE           ERROR               PORTS
oyx2x4opyppo        docker-demo.1       mjbright/docker-demo:20   swmaster1           Running             Running 2 minutes ago                       


... and we can look at the service on the individual cluster nodes.

Of course as we set replicas to 1 there is only 1 replica of the service for the moment, running on just 1 node of our cluster:

In [33]:
docker $(docker-machine config swmaster1) ps

CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS               NAMES
ac95573e44b7        mjbright/docker-demo:20   "/bin/docker-demo ..."   2 minutes ago       Up 2 minutes        8080/tcp            docker-demo.1.oyx2x4opyppousfn04bkbiumf


In [34]:
docker $(docker-machine config swnode1) ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


In [35]:
docker $(docker-machine config swnode2) ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


# Accessing the service

As we are working remotely we need to create an ssh tunnel through to the swarm cluster to access our service, exposing the port 8080 on your local machine.

We can obtain the ip address of the swarm master node as follows.

In [36]:
docker-machine ip swmaster1

192.168.99.103


Let's set an environment variable with that ip address

In [39]:
MASTERIP=$(docker-machine ip swmaster1)

Then open your web browser at the page http://<MASTERIP>:8080 (replace <MASTERIP> with the appropriate value) and you should see a lovely blue whale, as below:

![](images/docker.png)


Alternatively we can connect using a command-line client (the web server detects if it's a wget or curl request and returns ASCII text instead of an image).

In [38]:


wget -O - http://$MASTERIP:8080

--2017-05-11 12:38:24--  http://192.168.99.103:8080/
Connecting to 192.168.99.103:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/txt]
Saving to: ‘STDOUT’

-                       [<=>                 ]       0  --.-KB/s               

[1;36m
                                                .---------.                                          
                                               .///++++/:.                                          
                                               .///+++//:.                                          
                                               .///+++//:.                                          
                             ``````````````````.:///////:.                       `                  
                             .-///////:://+++//::///////-.                      .--.                
                             .:::///:::///+++///:::///:::.                     .:ss+-`              
   

# scale service

Now we can scale the service to 3 replicas:

In [40]:
docker $(docker-machine config swmaster1) service scale docker-demo=3

docker-demo scaled to 3


In [41]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE                    ERROR               PORTS
oyx2x4opyppo        docker-demo.1       mjbright/docker-demo:20   swmaster1           Running             Running 10 minutes ago                               
5t1wedqqf6em        docker-demo.2       mjbright/docker-demo:20   swnode1             Running             Running less than a second ago                       
brm99dsxxs39        docker-demo.3       mjbright/docker-demo:20   swnode2             Running             Running less than a second ago                       


# rolling-update

Now we will see how we can perform a rolling update.

We initially deployed version 20 of the service, now we will upgrade our whole cluster to version 21


In [42]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
oyx2x4opyppo        docker-demo.1       mjbright/docker-demo:20   swmaster1           Running             Running 10 minutes ago                       
5t1wedqqf6em        docker-demo.2       mjbright/docker-demo:20   swnode1             Running             Running 15 seconds ago                       
brm99dsxxs39        docker-demo.3       mjbright/docker-demo:20   swnode2             Running             Running 15 seconds ago                       


In [43]:
docker $(docker-machine config swmaster1) service update --image mjbright/docker-demo:21 docker-demo

docker-demo


In [44]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE                     ERROR               PORTS
oyx2x4opyppo        docker-demo.1       mjbright/docker-demo:20   swmaster1           Running             Running 10 minutes ago                                
z3msyntgj0l0        docker-demo.2       mjbright/docker-demo:21   swnode1             Running             Preparing 1 second ago                                
5t1wedqqf6em         \_ docker-demo.2   mjbright/docker-demo:20   swnode1             Shutdown            Shutdown less than a second ago                       
brm99dsxxs39        docker-demo.3       mjbright/docker-demo:20   swnode2             Running             Running 27 seconds ago                                


Again it may take a few moments until the new image is downloaded and operational on all nodes.

Once the new image has been downloaded and started on all nodes you should see something like:

In [45]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE                 ERROR               PORTS
z1i7ckgnv1nj        docker-demo.1       mjbright/docker-demo:21   swmaster1           Running             Running 32 seconds ago                            
oyx2x4opyppo         \_ docker-demo.1   mjbright/docker-demo:20   swmaster1           Shutdown            Shutdown about a minute ago                       
z3msyntgj0l0        docker-demo.2       mjbright/docker-demo:21   swnode1             Running             Running 2 minutes ago                             
5t1wedqqf6em         \_ docker-demo.2   mjbright/docker-demo:20   swnode1             Shutdown            Shutdown 2 minutes ago                            
vnxe3ml5a6sc        docker-demo.3       mjbright/docker-demo:21   swnode2             Running             Running about a minute ago                        
brm99dsxxs39         \_ docker-demo.3   mjbright/dock

### Verifying the service has been updated

Then open your web browser at the page http://localhost:8080 and you should now see a lovely **red** whale.


![](images/docker_red.png)

of if you prefer the command-line ..

In [46]:
wget -O - http://$MASTERIP:8080

--2017-05-11 12:48:06--  http://192.168.99.103:8080/
Connecting to 192.168.99.103:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/txt]
Saving to: ‘STDOUT’

-                       [<=>                 ]       0  --.-KB/s               

[1;31m
                                                .---------.                                          
                                               .///++++/:.                                          
                                               .///+++//:.                                          
                                               .///+++//:.                                          
                             ``````````````````.:///////:.                       `                  
                             .-///////:://+++//::///////-.                      .--.                
                             .:::///:::///+++///:::///:::.                     .:ss+-`              
   

# drain a node

We can drain a node effectively placing it in 'maintenance mode'.

Draining a node means that it no longer has running tasks on it.

In [47]:
docker $(docker-machine config swmaster1) node ls

ID                           HOSTNAME   STATUS  AVAILABILITY  MANAGER STATUS
0b7dgc4in66kyf6bvdu8ofgzz    swnode1    Ready   Active        
porodj82k7a48b0o6p69rsemh    swnode2    Ready   Active        
tv3cvlut0s1vpibv61ked34xb *  swmaster1  Ready   Active        Leader


Let's drain swnode1

In [48]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
z1i7ckgnv1nj        docker-demo.1       mjbright/docker-demo:21   swmaster1           Running             Running 3 minutes ago                        
oyx2x4opyppo         \_ docker-demo.1   mjbright/docker-demo:20   swmaster1           Shutdown            Shutdown 4 minutes ago                       
z3msyntgj0l0        docker-demo.2       mjbright/docker-demo:21   swnode1             Running             Running 5 minutes ago                        
5t1wedqqf6em         \_ docker-demo.2   mjbright/docker-demo:20   swnode1             Shutdown            Shutdown 5 minutes ago                       
vnxe3ml5a6sc        docker-demo.3       mjbright/docker-demo:21   swnode2             Running             Running 4 minutes ago                        
brm99dsxxs39         \_ docker-demo.3   mjbright/docker-demo:20   swnode2          

In [49]:
docker $(docker-machine config swmaster1) node update --availability drain swnode1

swnode1


and now we see that all services on swnode1 are shutdown

In [50]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
z1i7ckgnv1nj        docker-demo.1       mjbright/docker-demo:21   swmaster1           Running             Running 3 minutes ago                        
oyx2x4opyppo         \_ docker-demo.1   mjbright/docker-demo:20   swmaster1           Shutdown            Shutdown 4 minutes ago                       
kqga3fn8y88q        docker-demo.2       mjbright/docker-demo:21   swmaster1           Ready               Ready 4 seconds ago                          
z3msyntgj0l0         \_ docker-demo.2   mjbright/docker-demo:21   swnode1             Shutdown            Running 4 seconds ago                        
5t1wedqqf6em         \_ docker-demo.2   mjbright/docker-demo:20   swnode1             Shutdown            Shutdown 5 minutes ago                       
vnxe3ml5a6sc        docker-demo.3       mjbright/docker-demo:21   swnode2          

But as we had request 3 replicas of our service the Swarm mode will take care to start extra instances on other nodes so that we still have 3 replicas of the service running.

So after a few seconds we see that we once again have 3 replicas in the *Running* state, as shown below:

In [51]:
docker $(docker-machine config swmaster1) service ps docker-demo

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
z1i7ckgnv1nj        docker-demo.1       mjbright/docker-demo:21   swmaster1           Running             Running 6 minutes ago                        
oyx2x4opyppo         \_ docker-demo.1   mjbright/docker-demo:20   swmaster1           Shutdown            Shutdown 7 minutes ago                       
kqga3fn8y88q        docker-demo.2       mjbright/docker-demo:21   swmaster1           Running             Running 2 minutes ago                        
z3msyntgj0l0         \_ docker-demo.2   mjbright/docker-demo:21   swnode1             Shutdown            Shutdown 2 minutes ago                       
5t1wedqqf6em         \_ docker-demo.2   mjbright/docker-demo:20   swnode1             Shutdown            Shutdown 8 minutes ago                       
vnxe3ml5a6sc        docker-demo.3       mjbright/docker-demo:21   swnode2          

# remove a service

Now let's cleanup by removing our service

In [52]:
docker $(docker-machine config swmaster1) service rm docker-demo

docker-demo


We can check that the service is no longer running:

In [53]:
docker $(docker-machine config swmaster1) service ps docker-demo

no such services: docker-demo


: 1

In [54]:
docker $(docker-machine config swmaster1) ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
