-
Notifications
You must be signed in to change notification settings - Fork 5
Swarm安装指南
Guang Chen edited this page Apr 7, 2016
·
5 revisions
生成证书 see https://docs.docker.com/engine/security/https/
CA只用创建一次,之后在不同的结点上分别创建csr然后到CA的server上去签署证书
修改/etc/default/docker
DOCKER_OPTS+=" -H unix:///var/run/docker.sock --tlsverify --tlscacert=/var/docker/ca.pem --tlscert=/var/docker/server-cert.pem --tlskey=/var/docker/server-key.pem -H tcp://<ip>:2376"
重启docker服务
sudo service docker restart
如果遇到任何问题可以查看/var/log/upstart/docker.log来检查错误信息
swarm:
image: swarm:1.1.3
command: manage --tlsverify --tlscacert=/certs/ca.pem --tlscert=/certs/server-cert.pem --tlskey=/certs/server-key.pem -H 0.0.0.0:3376 --replication --advertise <manager-ip>:3376 consul://<consul-ip>:8500
volumes:
- /var/docker:/certs:ro
ports:
- "<manager-ip>:3376:3376"
restart: always
agent:
image: swarm:1.1.3
command: join --advertise=<docker-ip>:2376 consul://<consul-ip>:8500
restart: always
export DOCKER_CERT_PATH=~/.docker/swarm # assume ca.pem cert.pem key.pem lies in that director
docker --tlsverify -H <manager-ip>:3376 info
Containers: 36
Running: 29
Paused: 0
Stopped: 7
Images: 79
Server Version: swarm/1.1.3
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
iiis-ubuntu: 172.18.0.1:2376
└ Status: Healthy
└ Containers: 25
└ Reserved CPUs: 0 / 25
└ Reserved Memory: 0 B / 49.51 GiB
└ Labels: executiondriver=native-0.2, kernelversion=3.19.0-49-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=aufs
└ Error: (none)
└ UpdatedAt: 2016-04-07T13:29:42Z
optiplex: 10.0.0.1:2376
└ Status: Healthy
└ Containers: 11
└ Reserved CPUs: 0 / 4
└ Reserved Memory: 0 B / 3.938 GiB
└ Labels: executiondriver=native-0.2, kernelversion=3.13.0-83-generic, operatingsystem=Ubuntu 14.04.4 LTS, storagedriver=aufs
└ Error: (none)
└ UpdatedAt: 2016-04-07T13:29:45Z
Plugins:
Volume:
Network:
Kernel Version: 3.19.0-49-generic
Operating System: linux
Architecture: amd64
CPUs: 29
Total Memory: 53.45 GiB
Name: 4dbc31d6ac33
Docker Root Dir:
Debug mode (client): false
Debug mode (server): false
WARNING: No kernel memory limit support