使用隔离网络扩展Docker容器
[英]Scaling Docker Containers with isolated networks
问题描述
I'm using docker-compose (v 3.3) and I have a set of services as shown below. 
我正在使用docker-compose(v 3.3),我有一组服务,如下所示。
version: '3.3'
services:
jboss:
build:
context: .
dockerfile: jboss/Dockerfile
ports:
- 8080
depends_on:
- mysql
- elasticsearch
networks:
- ${NETWORK}
# - front-tier
# - back-tier
mysql:
hostname: mysql
image: mysql:latest
ports:
- 3306
networks:
- ${NETWORK}
# - back-tier
elasticsearch:
image: elasticsearch:1.7.3
ports:
- 9200
networks:
- ${NETWORK}
# - back-tier
networks:
# front-tier:
# driver: bridge
The problem/question is related to the possibility to isolate these services when I scale my containers in a kind of subnet (by the way, I'm not using swarm here) in the sense that jboss1 can only see mysql1 and elasticsearch1. 问题/问题与我在一种子网中扩展容器时隔离这些服务的可能性有关(顺便说一句,我不是在这里使用swarm),因为jboss1只能看到mysql1和elasticsearch1。 The same for jboss2 - mysql2 - es2 and so on. 同样适用于jboss2 - mysql2 - es2等。 I know this is quite strange, but the task is to parallelize some tests and they must be completely isolated. 我知道这很奇怪,但任务是并行化一些测试,它们必须完全隔离。
As you probably have realized, I've tried some approaches (that are commented in the compose) of defining some networks, but if I scale the containers, they will obviously be on the same network - which means that I could randomly ping on mysql-n from jboss-1. 正如您可能已经意识到的那样,我已经尝试了一些定义某些网络的方法(在编写中评论),但如果我扩展容器,它们显然会在同一个网络上 - 这意味着我可以随机ping mysql -n来自jboss-1。
Then, I tried another approach explained here by Arun Gupta http://blog.arungupta.me/docker-bridge-overlay-network-compose-variable-substitution/ where he mentioned the variable substitution in the network attribute (for that the ${NETWORK} there). 然后,我尝试了Arun Gupta在这里解释的另一种方法http://blog.arungupta.me/docker-bridge-overlay-network-compose-variable-substitution/其中他提到了网络属性中的变量替换(为此$ {NETWORK}那里)。 But it turns out that if I try to "up" my containers via: 但事实证明,如果我尝试通过以下方式“升级”我的容器:
NETWORK=isolated-net1 docker-compose up -d
and then 然后
NETWORK=isolated-net2 docker-compose up -d
it won't scale the containers, but instead, recreate them all: 它不会扩展容器,而是重新创建它们:
Recreating docker_mysql_1 ...
Recreating docker_elasticsearch_1 ...
Recreating docker_jboss_1 ...
In a nutshell: Is there a way to isolate a group of services when doing a docker-compose up --scale ? 简而言之:在进行docker-compose up --scale时,有没有办法隔离一组服务?
Thanks 谢谢
1 个解决方案
解决方案1
2 已采纳 2017-09-01 07:58:15
Well, it turns out that after a few days where I've been beating my brains out and trying to find a proper out-of-the-box solution for the problem, the feasible way to achieve this (actually, the one which fits my needs) was doing the following: 好吧,事实证明,经过几天,我一直在绞尽脑汁并试图为问题找到一个合适的开箱即用的解决方案,实现这一目标的可行方法(实际上,适合的方式)我的需要)做了以下事情:
I. Creating the specific volume for the instance that would call the other containers (in this case, JBoss): I.为将调用其他容器的实例创建特定卷(在本例中为JBoss):
jboss:
build:
context: jboss
dockerfile: Dockerfile
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# ... omitting the rest
II. II。 Slightly editing my Dockerfile with a script that really does the isolation: 使用真正完成隔离的脚本稍微编辑我的Dockerfile:
FROM my-private-jboss:latest
ADD isolateNetwork.sh /opt/jboss/jboss-eap/jboss-as/server/default/bin/isolateNetwork.sh
RUN chmod +x /opt/jboss/jboss-eap/jboss-as/server/default/bin/isolateNetwork.sh
CMD ["/opt/jboss/jboss-eap/jboss-as/server/default/bin/isolateNetwork.sh"]
III. III。 Finally, the isolateNetwork.sh (warning: I had to install jq on my JBoss container to help in these extractions from docker API): 最后,isolateNetwork.sh(警告:我必须在我的JBoss容器上安装jq来帮助这些来自docker API的提取):
#!/usr/bin/env bash
curl -s --unix-socket /var/run/docker.sock http://localhost/containers/$(hostname)/json > container.json
export DOCKER_CONTAINER_NUMBER=$(cat container.json | jq -r '.Config.Labels["com.docker.compose.container-number"]')
export DOCKER_PROJECT_NAME=$(cat container.json | jq -r '.Config.Labels["com.docker.compose.project"]')
export MYSQL_CONTAINER_NAME=${DOCKER_PROJECT_NAME}_mysql_${DOCKER_CONTAINER_NUMBER}
export MYSQL_IP=$(curl -s --unix-socket /var/run/docker.sock http://localhost/containers/$MYSQL_CONTAINER_NAME/json | jq -r '.NetworkSettings.Networks[].IPAddress')
#Now it's just required to edit the Datasources
find . -iname "MySql*-ds.xml" -exec sed -i s/mysql:3306/${MYSQL_CONTAINER_NAME}:3306/g {} +
As you can see, the volume created during step 1 serves to access docker API from inside a container. 如您所见,在步骤1中创建的卷用于从容器内部访问docker API。 This way, I could query the info mentioned and edit the configuration to invoke just upon the same DOCKER_CONTAINER_NUMBER . 这样,我可以查询提到的信息并编辑配置,以便在相同的DOCKER_CONTAINER_NUMBER上调用。 Apart from that, it is important to mention that my command to scale has a very specific requirement that is: every Jboss will have the same number of data-sources, which implies that DOCKER_CONTAINER_NUMBER will ever match. 除此之外,重要的是要提到我的扩展命令有一个非常具体的要求:每个Jboss都有相同数量的数据源,这意味着DOCKER_CONTAINER_NUMBER将匹配。
docker-compose up --scale jboss=%1 --scale elasticsearch=%1 --scale mysql=%1 --no-recreate -d
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.