I am looking at this CloudFormation template:
http://editions-us-east-1.s3.amazonaws.com/aws/stable/18.03.0/Docker.tmpl
This template creates a docker swarm cluster using EC2 instances on AWS. The process is relatively straightforward:
Create a network for the swarm
Create scaling groups for the workers and managers
Initialize the managers and reach quorum
Initialize the workers and join the swarm
I grasp at a high level what is occurring, and have manually created Docker Swarms on a local machine without difficulty. However, I am failing to grasp some key concepts.
How do the workers join the swarm? I see that the manager IP is published to a DynamoDB table, but where would the workers get the tokens to join the swarm, and where are the commands being run? I don't see anything along the lines of docker swarm join ... in the template file.
What is the purpose of the ELB (Elastic Load Balancer)? All the nodes are included in the balancer, so what is it really balancing?
Those two things are quite confusing as it seems that Docker is creating this swarm out of thin air without the use of tokens or even running the necessary docker command! I'd love a clarification on how these work!
Yeah, that's one of the problems with those deprecated templates: they are no longer getting updates, and much of what they're doing isn't open source. I haven't seen documentation on what you're asking about.
For Docker EE, Docker has the new Docker Certified Infrastructure templates (Terraform plus Ansible).
For Docker CE, Docker has no currently-supported cloud infrastructure templates. There are talks of doing something with those AWS/Azure templates, but right now it's just ideas.
I have been working on a web app for a few months and now it's ready for deployment. My frontend and backend are in different docker containers (and different repos as well). I use docker-compose to communicate between the two containers and for nginx. Now, I want to deploy my app to AWS and I'm thinking of 2 approaches, but I don't know which one is better:
Deploy the 2 containers separately (as 2 different apps) so that it's easier for me to make changes/maintain each of them, and I also read somewhere that this approach is more secure.
Deploy them as a single app for simpler deployment process, but other than that, I can't really think of anything good about this approach.
I'm obviously leaning more toward the first approach, but if anyone could give me more insights on the pros and cons of both approaches, I would highly appreciate it! I am trying to make this process as professional as possible so I can learn more about DevOps.
So what docker-compose does under the hood:
Create a docker network
Put all containers in this network
Sets up DNS names, so containers can find each other using their names
This can also be achieved with ECS (which seems suitable for your use case).
So create an ECS cluster with Fargate as the capacity provider (allowing you to work serverless, so you don't have to care about EC2 instances).
ECS works with task definitions, so you can create a task definition containing your backend and frontend and create a service based on the definition.
All containers defined in one task work exactly like docker-compose, ECS creates a docker network for them, and they are basically in the same network.
Also see:
AWS Docs for ECS task definitions
AWS Docs for launch types
If you just want to use nginx in front of your service for load balancing, maybe using an application load balancer will be a better choice.
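As an added example (not code from the answer above), here is a CloudFormation fragment for a Fargate task definition that runs the nginx frontend and the backend in one task; image URIs, role ARNs, the log group and the security group IDs are placeholders. One caveat for docker-compose users: in awsvpc mode the two containers share one network interface, so nginx must proxy to 127.0.0.1, not to a container name, and it is the security group on that interface, not the port mappings, that decides which ports are reachable from outside.

```yaml
Resources:
  AppTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: webapp
      RequiresCompatibilities: [FARGATE]
      NetworkMode: awsvpc                 # required on Fargate; both containers share one ENI and localhost
      Cpu: "512"
      Memory: "1024"
      ExecutionRoleArn: arn:aws:iam::123456789012:role/ecsTaskExecutionRole   # placeholder: pulls images, writes logs
      TaskRoleArn: arn:aws:iam::123456789012:role/webapp-task-role             # placeholder: only what the app itself calls
      ContainerDefinitions:
        - Name: backend
          Image: 123456789012.dkr.ecr.us-east-1.amazonaws.com/backend:1.4.2  # placeholder
          Essential: true
          # No PortMappings: the frontend reaches it over localhost inside the task
          Secrets:
            - Name: DB_PASSWORD             # injected at start, never stored in the template
              ValueFrom: arn:aws:secretsmanager:us-east-1:123456789012:secret:webapp/db  # placeholder
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: /ecs/webapp     # placeholder
              awslogs-region: us-east-1
              awslogs-stream-prefix: backend
        - Name: frontend
          Image: 123456789012.dkr.ecr.us-east-1.amazonaws.com/frontend:1.4.2 # placeholder
          Essential: true
          PortMappings:
            - ContainerPort: 80
              Protocol: tcp
          Environment:
            - Name: BACKEND_UPSTREAM
              Value: http://127.0.0.1:8080  # not http://backend:8080 as in docker-compose
          DependsOn:
            - ContainerName: backend
              Condition: START
          # same awslogs configuration as backend, with prefix "frontend", omitted here
  TaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: webapp task ENI
      VpcId: vpc-0123456789abcdef0          # placeholder
      SecurityGroupIngress:
        - IpProtocol: tcp                   # only port 80, only from the load balancer
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: sg-0123456789abcdef0   # placeholder: the ALB's security group
```

Because nothing in the security group allows 8080, the backend stays reachable only from the frontend container in the same task.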
I want to confirm my approach to setting up a VPC using cloudformation/scepter and seeding instances with docker container is correct.
Create an aws ec2 instance.
Create a docker image on that instance
Create a cloudformation VPC template (.yaml )
-reference docker image in template?
Create a sceptre project using the template above and run script from ec2 instance
So as I understand it, the majority of the work will be in the CloudFormation template. Currently I'm stuck on sceptre errors, but I wanted to make sure I was approaching the problem correctly. Does this look like the right approach?
There are a lot of ways of doing what you want:
Run sceptre locally on your development machine
This is easier, but not best practice for important environments, as having a build server gives a better trail of what was done when (especially in shared environments).
Use CodeBuild to save you having to do steps 1 & 2 yourself (AWS maintain a docker image with python installed)
It also avoids the chicken and egg problem of how you deploy the EC2 instance in the first place.
Configure Jobs on a build server such as Jenkins
CodeDeploy is good for simple setups, but a well-configured build server can have dashboards to track what is deployed where.
As sceptre is just a way of generating/managing/deploying templates across environments, there are lots of other ways of doing this, including what you outlined.
P.S. Apologies that the getting started documentation isn't great at the moment; it is something we are focusing on for release 2.0.
The purpose is production-level deployment of an 8-container application, using swarm.
It seems (ECS aside) we are faced with 2 options:
Use the so called docker-for-aws that does (swarm) provisioning via a cloudformation template.
Set up our VPC as usual, install docker engines, bootstrap the swarm (via init/join etc) and deploy our application in normal EC2 instances.
Is the only difference between these two approaches the swarm bootstrap performed by docker-for-aws?
Any other benefits of docker-for-aws compared to a normal AWS VPC provisioning?
Thx
If you need to provide portability across different cloud providers, go with the AWS CloudFormation template provided by the Docker team. If you only need to run on AWS, ECS should be fine. But you will need to spend a bit of time figuring out how service discovery works there. The benefit of Swarm is that they made it fairly simple: just access your services via their service name as if they were DNS names, with built-in load balancing.
It's fairly easy to automate new environment creation with it, and if you need to go to, let's say, Azure or Google Cloud later, you simply use the template for them to get your docker cluster ready.
The Docker team has put quite a few things into that template and you really don't want to re-create them yourself unless you really have to. For instance, if you don't use static IPs for your infra (a fairly typical scenario) and one of the managers dies, you can't just restart it. You will need to manually re-join it to the cluster. Docker for AWS handles that through IP sync via DynamoDB and uses other provider-specific techniques to make failover/recovery work smoothly. Another example is logging: they push your logs automatically into CloudWatch, which is very handy.
A few tips on automating your environment provisioning if you go with Swarm template:
Use some infra automation tool to create a VPC per environment. Use some template provided by that tool so you don't write too much yourself. Using a separate VPC makes all environments very isolated and easier to work with, with less chance to screw something up. Also, you're likely to add more elements into those environments later, such as RDS. If you control your VPC creation it's easier to do that and keep all related resources under the same one. Let's say the DEV1 environment's DB is in the DEV1 VPC.
Hook up running the AWS CloudFormation template provided by Docker to provision a Swarm cluster within this VPC (they have a separate template for that).
My preference for automation is Terraform. It lets me describe the desired state of the infrastructure rather than how to achieve it.
I would say no, there are basically no other benefits.
However, if you want to achieve all/several of the things that the docker-for-aws template provides I believe your second bullet point should contain a bit more.
E.g.
Logging to CloudWatch
Setting up EFS for persistence/sharing
Creating subnets and route tables
Creating and configuring elastic load balancers
Basic auto scaling for your nodes
and probably more that I do not recall right now.
The template also ingests a bunch of information about related resources to your EC2 instances to make it readily available for all Docker services.
I have been using the docker-for-aws template at work and have grown to appreciate a lot of what it automates. And what I do not appreciate I change, with the official template as a base.
I would go with ECS over a roll-your-own solution. Unless your organization has the effort available to re-engineer the services and integrations AWS offers as part of its offerings, you would be artificially painting yourself into a corner for future changes. "Do not re-invent the wheel" comes to mind here.
Basically what @Jonatan states. Building the solutions to integrate what is already available is... a trial of pain when you could be working on other parts of your business/application.
I have followed the Docker Docs about setting up Swarm on Virtualbox.
I suppose it is the same procedure to set it up on AWS, Azure or DigitalOcean.
It is a lot to do manually every time.
Is there a tool to automate this?
I would like to use something to set up and scale Swarm like Compose does for Docker.
Maybe I would start with one AWS instance and 2-3 containers and then scale them up to 100 containers and the instances to scale accordingly. Then I would want to scale down to 2 instances and the rest would shut down.
Does something like this exist?
If you want to avoid manual configuration but still get the required high availability and cost efficiency, try the Docker Swarm template pre-packaged by Jelastic:
it has built-in automatic clustering and scaling
the installation is performed automatically and you'll get full access to the cluster via intuitive UI
containers are running directly on bare metal, so no need to reserve full VMs for each service (and you can choose the datacenter you want to run your project on)
the payment is done based on actual consumption of RAM and CPU
containers are automatically distributed across different hardware servers, which increases availability
The details about the package and installation steps are in this article.
You can use Ansible for configuring the Swarm master, Swarm nodes, and all the required cluster discovery. Ansible is a general IT automation tool, but it comes with a very powerful Docker module that allows you to set up Docker Swarm easily.
This GitHub repository shows a good example of how to set up Swarm with Ansible.
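As an added example (not the answer's own code, nor the linked repository's), this playbook bootstraps a Swarm with the community.docker.docker_swarm module: it initialises the first manager, captures the join tokens it returns, and joins the other managers and the workers with the matching token. It assumes inventory groups "managers" and "workers", Docker Engine and the Python Docker SDK already installed on every host, and that the hosts can reach each other on their private addresses.

```yaml
# Swarm control traffic between nodes only: 2377/tcp (manager API), 7946/tcp+udp
# (gossip), 4789/udp (overlay). Nothing here needs to be open to the internet.
- name: Initialise the swarm on the first manager
  hosts: managers[0]
  become: true
  tasks:
    - name: Create the swarm (no change if this host is already a manager)
      community.docker.docker_swarm:
        state: present
        advertise_addr: "{{ ansible_default_ipv4.address }}"
        listen_addr: "{{ ansible_default_ipv4.address }}:2377"
      register: swarm

    - name: Keep the join tokens as facts without echoing them into the play output
      ansible.builtin.set_fact:
        manager_token: "{{ swarm.swarm_facts.JoinTokens.Manager }}"
        worker_token: "{{ swarm.swarm_facts.JoinTokens.Worker }}"
      no_log: true

- name: Join the remaining managers with the manager token
  hosts: managers[1:]
  become: true
  tasks:
    - name: Join as manager
      community.docker.docker_swarm:
        state: join
        advertise_addr: "{{ ansible_default_ipv4.address }}"
        join_token: "{{ hostvars[groups['managers'][0]].manager_token }}"
        remote_addrs: ["{{ hostvars[groups['managers'][0]].ansible_default_ipv4.address }}:2377"]
      no_log: true    # the join token is a credential; keep it out of logs

- name: Join the workers with the worker token only
  hosts: workers
  become: true
  tasks:
    - name: Join as worker
      community.docker.docker_swarm:
        state: join
        advertise_addr: "{{ ansible_default_ipv4.address }}"
        join_token: "{{ hostvars[groups['managers'][0]].worker_token }}"
        remote_addrs: ["{{ hostvars[groups['managers'][0]].ansible_default_ipv4.address }}:2377"]
      no_log: true
```

Workers never see the manager token, so a compromised worker cannot promote itself; if a token does leak, docker swarm join-token --rotate on a manager invalidates it.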
You can use Docker Machine for provisioning hosts and configuring swarm easily (example).
The Docker ecosystem also includes managed solutions like Tutum or Docker Cloud to achieve easily what you want.
Check out the devopsbyte.com blog, which covers how to set up a Docker Swarm cluster using Ansible.
I am working on a project using a microservices architecture.
Each service lives in its own docker container and has a separate git repository in order to ensure loose coupling.
It is my understanding that AWS recently announced support for Multi-Container Docker environments in ElasticBeanstalk. This is great for development because I can launch all services with a single command and test everything locally on my laptop. Just like Docker Compose.
However, it seems I only have the option to deploy all services at once, which I am afraid defeats the initial purpose of having a microservices architecture.
I would like to be able to deploy/version each service independently to AWS. What would be the best way to achieve that while keeping infrastructure management to a minimum?
We are currently using Amazon ECS to accomplish exactly what you are talking about trying to achieve. You can define your Docker container as a task definition and then create an ECS service, which will handle the number of instances, scaling, etc.
One thing to note is Amazon mentions the word container a lot in the documentation. They may be talking about the EC2 instance used for the cluster for your docker instances/containers.