Failover swarm fail-over

#故障转移 Failover

#当其中一个节点关闭宕机时, the service in its node is transferred to another node.
The swarm detects that the node1 fails and marks the state of the fault node as down; Docker node LS to see the status of Node1 down
At the same time Swarm will dispatch the service on the Node1 to other resource nodes to run; Docker service PS Web_server to see its process and status

#访问server

#便于分析, redeploy a
Docker Service Create--name=htdocs_nginx--replicas=3 Nginx
Docker service PS Htdocs_nginx to see the number of replicas
--replicas can specify the number of replicas directly, no need to reuse the Docker scale command

#现在我们要访问server
In the above operation, we each node has running service, Node1, Node2, Node3 container is listening to 80 ports, but we do not map the port to host, so we should do the following

#进入容器查看:
Docker exec container id/bin/sh can also be used/bin/bash
The container IP is 172.12.0.5, which is actually connected to the Docker Bridge network
Crul 172.12.0.5 can access
But this is inside the container and needs to be implemented externally as well, when exposed to 80 ports

#外部访问
Docker Service Update--publish-add 80:80 Htdocs_nginx
This maps the ports and is externally accessible.
Of course, the new service can also be specified directly
Docker Service Create--name Htdocs_nginx--replicas=3--publish-add 80:80 nginx


#routing Mesh
Our access to each node's 80 port can return results; Swarm internal load balancer will forward the request to one of Web_server's replicas. This is the role of routing mesh.

Note: When we use--publish-add 80:80 swarm will reconfigure the replica, the network inside the container will change
The network of the--publish-add is not the same as before, there are now two network cards, each network card connected to different Docker networks.
As a matter of fact:

Eth0 is connected to a overlay type of network with the name Ingress, which allows containers running on different hosts to communicate with each other.

Eth1 is connected to a bridge type of network, named Docker_gwbridge, and its role is to allow the container to access the external network.

The ingress network is swarm created when Docker was created for us, and each node in swarm can use ingress.
Through the overlay network, the host and the container, the container and the container can access each other, while the routing mesh routes the external request to a different host container.
This enables external network access to the service.

#service与service通信 the Internal
To increase security without exposing ports, we can use the following method:
Service discovery:
If not publish, then Swarm will provide a mechanism to:
Give the service access to other service through a simple method.
When the IP of the service copy changes, no other service that accesses the service is affected.
When the number of copies of a service changes, there is no impact on other service access to the service.
This is actually service Discovery (discovery). The Docker Swarm provides this functionality through service discovery,
The service user does not need to know where the service is running, how many IPs it is, and how many replicas it has to communicate with the service.

#创建overlay网络
Docker Network Create--driver overlay app_net
Docker Network LS

#部署
Docker Service Create--name my_web--replicas=5--network app_net nginx
Docker Service Create--name database--network app_net MySQL

Docker Service PS Database view container and enter container
Docke exec container id/bin/sh ping My_web found to pass
At the same time, the My_webip obtained by the ping is the VIP virtual IP, and the swarm will load the access of the VIP to each copy.

Failover swarm fail-over