
Build a Swarm cluster - valentinNC
https://opsnotice.xyz/build-swarm-cluster/
======
dchuk
Something I've been trying to figure out lately that I'm hitting dead ends
with: I just want to deploy a few containers to a single server.

I don't want a swarm or high availability, I just have some Rails containers
in dev that I want to run on a medium-sized droplet. But there's nothing
really out there on how to do this in a straightforward way.

I'm at the point where it seems like I can use ssh kit and docker compose to
sort of do this, but it won't be zero downtime deploy and I have to script it
up. It looks like there's a docker machine option, but I'm currently using
docker for Mac so I'm not even sure where to begin for that path.

Docker is super powerful, but we don't all have 500 host deployments. I just
need something quick that I can toss on a $20 vps easily.

~~~
biscarch
If you go the docker-machine route, you can do the following.

    brew install docker-machine
    docker-machine create ...digital-ocean-options myserver
    eval "$(docker-machine env myserver)"
    docker ps

that is:

* install docker-machine

* provision a droplet with docker on it (you can also use test.docker.com to use an RC instead of the latest release)

* set your local shell env to point docker to said machine

* use the docker client to interact with said machine

I also use docker-for-mac and a similar process to spin up swarm-mode
clusters. You can also ssh into the machine if you need to by
`docker-machine ssh myserver`

[0]: [https://docs.docker.com/machine/drivers/digital-ocean/](https://docs.docker.com/machine/drivers/digital-ocean/)

~~~
dmix
This is a pretty standard use-case from my experience. I'm new to docker but I
work with a lot of different startups via consulting and they are all starting
to use docker and almost everyone is using docker-compose, and/or
docker-machine for their setups.

It's probably worth investing in learning docker-compose.

------
gnur
Swarm mode is great, but I haven't found a good resource yet on how it alters
firewall rules. I've been trying to deploy it to a DO droplet using Ansible
and whenever I start throwing in ufw rules it overrules those. Ports that
should be closed are suddenly open. And when I use iptables I cannot even
start a new swarm when I block some traffic on an Ethernet device that
shouldn't even be used by docker. Anyone have more experience with this? I'm
almost tempted to go to AWS so I don't have to deal with the firewall on the
machine itself.

~~~
zenlikethat
I think the main firewall modification to keep in mind with Docker (swarm mode
or not) is that if you publish a port with `--publish`, Docker will pretty
much always punch a hole through your existing firewall rules for this port.
If you don't want this, simply don't use `--publish` (or the equivalent
through the Docker API). Container-to-container communication should be done
using containers on the same `docker network` (generally, 'overlay' driver)
and should not require exposing ports to the host directly.
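
An added example, not part of the comment above or of the linked article: published ports show up as DNAT rules in the nat table's `DOCKER` and `DOCKER-INGRESS` chains, so INPUT-chain rules written by ufw never see that traffic. The script lists those rules from `iptables-save` output and flags any port that is not on an intended list; the sample ruleset and the intended list are constructed.

```python
import shlex

# Constructed sample of `iptables-save` output on a Docker host (not from the thread).
SAMPLE = """\
*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER-INGRESS
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.2:5432
-A DOCKER-INGRESS -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.18.0.2:8080
-A DOCKER-INGRESS -j RETURN
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

DOCKER_CHAINS = {"DOCKER", "DOCKER-INGRESS"}  # plain Docker and swarm-mode ingress

def _opt(tok, name):
    return tok[tok.index(name) + 1] if name in tok else None

def published_ports(iptables_save):
    """Return (chain, proto, port, destination) for each Docker DNAT rule in the nat table."""
    found, table = [], None
    for line in iptables_save.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "nat" or not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        dport = _opt(tok, "--dport")
        if tok[1] not in DOCKER_CHAINS or "DNAT" not in tok or dport is None:
            continue
        lo, _, hi = dport.partition(":")  # --dport may be a range lo:hi
        for port in range(int(lo), int(hi or lo) + 1):
            found.append((tok[1], _opt(tok, "-p"), port, _opt(tok, "--to-destination")))
    return found

def unexpected_exposure(iptables_save, intended):
    """Published ports missing from the (proto, port) set the admin meant to open."""
    return [r for r in published_ports(iptables_save) if (r[1], r[2]) not in intended]

if __name__ == "__main__":
    print(unexpected_exposure(SAMPLE, {("tcp", 22), ("tcp", 8080)}))
```

In the sample, the INPUT policy is DROP and 5432 has no ACCEPT rule, yet the port is still published through the `DOCKER` chain.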

------
raesene6
One problem with Docker swarm articles at the moment is that the syntax really
isn't finalized.

For example in RC5 they move towards join tokens and away from secret...

------
barrystaes
One thing that kept nagging me about Docker is having a failing container
eating up resources. Having them swarm would only make this worse, I'd guess.
Does anyone have first-hand experience with this?

