Update swarm docs to match current functionality
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/1e696234 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/1e696234 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/1e696234 Branch: refs/heads/master Commit: 1e69623456ce2292df59716fb661e9599e773704 Parents: f0c3290 Author: Svetoslav Neykov <[email protected]> Authored: Tue Feb 14 11:50:45 2017 +0200 Committer: Andrew Donald Kennedy <[email protected]> Committed: Fri May 19 14:01:20 2017 +0100 ---------------------------------------------------------------------- docker-location/docker-container-location.md | 36 ++++++++++---------- docker-location/docker-swarm-location.md | 40 +++++++++++++---------- 2 files changed, 40 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/1e696234/docker-location/docker-container-location.md ---------------------------------------------------------------------- diff --git a/docker-location/docker-container-location.md b/docker-location/docker-container-location.md index cd53ddc..0c105fc 100644 --- a/docker-location/docker-container-location.md +++ b/docker-location/docker-container-location.md @@ -15,13 +15,13 @@ Here is an example catalog item to add a Docker engine endpoint to your catalog name: "My Docker engine" itemType: location item: - type: jclouds:docker + type: docker brooklyn.config: - endpoint: << endpoint >> + endpoint: https://<< address >>:<< port >> identity: << path to my cert.pem >> credential: << path to my key.pem >> - image: "cloudsoft/centos:7" - loginUser.password: "p4ssw0rd" + # Default image if no other explicitly set + # imageId: "cloudsoft/centos:7" **Note** The endpoint of a Docker engine is the IP + port where the docker engine is currently running. As for the identity and credential, the Docker engine will generate those by default in `~/.docker/certs` folder, unless you specified them during the installation. @@ -29,38 +29,38 @@ Here is an example catalog item to add a Docker engine endpoint to your catalog Once your Docker container location has been configured, AMP can launch instances based on a `DockerContainer` entity, this means additional configuration such as custom docker images can be specified. Here's an example which sets up a [Wordpress](https://wordpress.org/) instance: - location: - << see above >> + # see above for a definition of the location + location: my-docker-engine services: - type: io.cloudsoft.amp.containerservice.dockercontainer.DockerContainer id: wordpress-mysql name: MySQL brooklyn.config: + mysql.root_password: password docker.container.imageName: mysql:5.6 + # Maps the port to the host node, making it available for external access docker.container.inboundPorts: - "3306" - provisioning.properties: - env: - MYSQL_ROOT_PASSWORD: "password" - deployment: wordpress-mysql + docker.container.environment: + MYSQL_ROOT_PASSWORD: $brooklyn:config("mysql.root_password") - type: io.cloudsoft.amp.containerservice.dockercontainer.DockerContainer id: wordpress name: Wordpress brooklyn.config: docker.container.imageName: wordpress:4-apache + # Maps the port to the host node, making it available for external access docker.container.inboundPorts: - "80" - provisioning.properties: - env: - WORDPRESS_DB_HOST: "wordpress-mysql" - WORDPRESS_DB_PASSWORD: "password" + docker.container.environment: + WORDPRESS_DB_HOST: $brooklyn:entity("wordpress-mysql").attributeWhenReady("host.subnet.address") + WORDPRESS_DB_PASSWORD: $brooklyn:entity("wordpress-mysql").config("mysql.root_password") #### Docker container configuration To configure the `DockerContainer` entity, the following configuration params are available: -- **docker.container.disableSsh** Skip checks such as ssh for when docker image doesn't allow ssh -- **docker.container.imageName** Image name to pull from docker hub -- **docker.container.inboundPorts** List of ports, that the docker image opens, to be made public -- **docker.container.environment** Environment variables to set on container startup. This must be a map +- **docker.container.disableSsh** Skip checks such as ssh for when docker image doesn't allow ssh; use the default image `cloudsoft/centos:7` for ssh-able image +- **docker.container.imageName** Image name to pull from docker hub; overrides the default one `cloudsoft/centos:7` +- **docker.container.inboundPorts** List of ports, that the docker image maps to the host, opening them to the public +- **docker.container.environment** Environment variables to set on container startup; this must be a map http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/1e696234/docker-location/docker-swarm-location.md ---------------------------------------------------------------------- diff --git a/docker-location/docker-swarm-location.md b/docker-location/docker-swarm-location.md index ca3a5e1..0c69417 100644 --- a/docker-location/docker-swarm-location.md +++ b/docker-location/docker-swarm-location.md @@ -15,27 +15,31 @@ Here is an example catalog item to add a Docker Swarm endpoint to your catalog l name: "My Docker Swarm" itemType: location item: - type: jclouds:docker + type: docker brooklyn.config: - endpoint: << endpoint >> + endpoint: https://<< address >>:<< port >> identity: << path to my cert.pem >> credential: << path to my key.pem >> - image: "cloudsoft/centos:7" - loginUser.password: "p4ssw0rd" + # Default image if no other explicitly set + # imageId: "cloudsoft/centos:7" + templateOptions: + networkMode: "brooklyn" -**Note** if you have provisioned your own docker swarm you may need to first pull the Cloudsoft configured image on the Swarm Manager: +**Note** if you have provisioned your own docker swarm you may need to first pull the Cloudsoft +configured image on the Swarm Manager. Another recommended step is to create a default network for the containers: docker -H ${swarm_endpoint} ${TLS_OPTIONS} pull cloudsoft/centos:7 docker -H ${swarm_endpoint} ${TLS_OPTIONS} images --no-trunc + docker network create --driver=overlay brooklyn #### Credentials for Deploying to Docker Swarm To deploy to a Docker Swarm endpoint, you'll need pem files for identity/credential. These can -either be copied from one of the Docker Engine VMs, or can be generated from the certificate -authority. The actual IP of the client doesn't matter. +either be copied from one of the Docker Engine VMs, or can be generated locally and signed by +the certificate authority. The actual IP of the client doesn't matter. -To generate your own certificates from the example CA server included in AMP (note this is not recommended for use in a production environment - and could be subject to future removal): +To generate your own certificates and signed them with the example CA server included in AMP (note this is not +recommended for use in a production environment and could be subject to future removal): # Create your certificates directory mkdir -p .certs @@ -45,15 +49,15 @@ To generate your own certificates from the example CA server included in AMP (no own_ip=192.168.1.64 ca=$(br app "Docker Swarm" ent ca-server sensor main.uri) echo ${ca} - curl -X POST ${ca}/generate/${own_ip} - curl ${ca}/cert/${own_ip}/ca.pem > .certs/ca.pem - curl ${ca}/cert/${own_ip}/cert.pem > .certs/cert.pem - curl ${ca}/cert/${own_ip}/key.pem > .certs/key.pem + curl -L ${ca}/cacert/ca.pem --output .certs/ca.pem + openssl genrsa -out .certs/key.pem 2048 + openssl req -new -key .certs/key.pem -days 1825 -out .certs/csr.pem -subj "/CN=${own_ip}" + curl -X POST --data-binary @.certs/csr.pem ${ca}/sign > .certs/cert.pem To be able to execute `docker ...` commands locally: - # Set up TLS options to point at your certificates - CERTS_DIR=${HOME}/.docker/.certs + # Set up TLS options to point at your certificates (created above) + CERTS_DIR=$(pwd)/.certs TLS_OPTIONS="--tlsverify --tlscacert=${CERTS_DIR}/ca.pem --tlscert=${CERTS_DIR}/cert.pem --tlskey=${CERTS_DIR}/key.pem" # Check docker works @@ -62,12 +66,12 @@ To be able to execute `docker ...` commands locally: docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps # Run something, and check it is listed - docker -H ${swarm_endpoint} ${TLS_OPTIONS} run hello-world - docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps -a + docker -H ${swarm_endpoint} ${TLS_OPTIONS} run hello-world + docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps -a Instead of explicit parameters to `docker` you can use its environment variables as follows: export DOCKER_HOST=tcp://10.10.10.152:3376 export DOCKER_TLS_VERIFY=true - export DOCKER_CERT_PATH=.certs + export DOCKER_CERT_PATH=$(pwd)/.certs docker ps -a \ No newline at end of file
