A series of operations is necessary to get a running Flocker cluster:
Generating the certificates with the flocker-ca utility
Writing the agent.yml configuration and distributing it, together with the certificates, to the nodes
You can execute them manually on a small cluster, but they are repetitive and tedious, so we'll illustrate the procedure using some self-explanatory Ansible playbooks published at https://github.com/fsoppelsa/ansible-flocker.
These plays are trivial and probably not production-ready. There are also the official ClusterHQ playbooks for Flocker roles (refer to https://github.com/ClusterHQ/ansible-role-flocker), but to keep the explanation linear, we'll use the first repository, so let's clone it:
git clone git@github.com:fsoppelsa/ansible-flocker.git
For certificate generation, the flocker-ca utility is required. Instructions on how to install it are available at https://docs.clusterhq.com/en/latest/flocker-standalone/install-client.html. On Linux distributions, it's a matter of installing a package; on Mac OS X, the tool can instead be pulled with Python's pip utility.
On Ubuntu:
sudo apt-get -y install --force-yes clusterhq-flocker-cli
On Mac OS X:
pip install https://clusterhq-archive.s3.amazonaws.com/python/Flocker-1.15.0-py2-none-any.whl
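A quick way to verify that the client tools are in place is to ask flocker-ca for its version, which should match the release just installed (1.15.0 in the preceding example):
flocker-ca --version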
Once in possession of this tool, we generate the required certificates. To keep things simple, we'll create the following certificate structure:
A directory certs/ including all certificates and keys:
cluster.crt and .key are the authority certificate and key
control-service.crt and .key are the control node certificate and key
plugin.crt and .key are the Docker Flocker plugin certificate and key
client.crt and .key are the Flocker client certificate and key
node-aws-101.crt and .key to node-aws-110.crt and .key are the node certificates and keys, one per node
The following are the steps:
flocker-ca initialize cluster    # generates the cluster authority certificate and key
flocker-ca create-control-certificate aws-101    # generates the control service certificate and key
flocker-ca create-api-certificate plugin    # generates an API certificate and key for the Docker plugin
flocker-ca create-api-certificate client    # generates an API certificate and key for the Flocker client
flocker-ca create-node-certificate node-aws-X    # generates a node certificate and key, repeated once per node
Of course, we can cheat and use the utils/generate_certs.sh script available in the ansible-flocker repository, which will do the work for us:
cd utils
./generate_certs.sh
After the script's execution, we have all our certificates available in certs/.
On each Flocker node, we must perform the following steps:
Install the clusterhq-python-flocker, clusterhq-flocker-node, and clusterhq-flocker-docker-plugin packages
Create the /etc/flocker configuration directory
Copy agent.yml to /etc/flocker
Copy the node's certificates and keys to /etc/flocker
Open the ports 2376, 2377, 4523, and 4524
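For reference, done by hand on a single Ubuntu node these steps would look roughly like the following sketch (it assumes the ClusterHQ apt repository is already configured on the node, that this node uses the node-aws-101 certificate pair, and that ufw manages the firewall; the playbooks below automate all of this):
sudo apt-get -y install --force-yes clusterhq-python-flocker clusterhq-flocker-node clusterhq-flocker-docker-plugin
sudo mkdir -p /etc/flocker
sudo cp agent.yml cluster.crt plugin.crt plugin.key /etc/flocker/
sudo cp node-aws-101.crt /etc/flocker/node.crt    # the node pair goes under the fixed names node.crt/node.key
sudo cp node-aws-101.key /etc/flocker/node.key
for port in 2376 2377 4523 4524; do sudo ufw allow ${port}/tcp; done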
Once again, we'd love the machines to work for us, so let's set this up with Ansible while we have a coffee.
But first, we must specify which host will be the Flocker control node and which ones the bare nodes, so we fill in the inventory file with the hosts' IPs. The file is in .ini format, and all that's required is to specify the list of nodes:
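For example, a minimal inventory could look like the following (the group names and the second IP are only illustrative; use the group names expected by the repository's playbooks and your own hosts' addresses):
[flocker_control_node]
54.84.176.7

[flocker_nodes]
54.84.176.7
54.84.176.8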
Then, we create the directory from which Ansible will take the files, certificates, and configurations to copy to the nodes:
mkdir files/
We now copy all the certificates we created previously from the certs/ directory to files/:
cp certs/* files/
Finally, we define the Flocker configuration file in files/agent.yml with the following content, adapting the AWS region and modifying hostname, access_key_id, and secret_access_key:
control-service:
  hostname: "<Control node IP>"
  port: 4524
dataset:
  backend: "aws"
  region: "us-east-1"
  zone: "us-east-1a"
  access_key_id: "<AWS-KEY>"
  secret_access_key: "<AWS-ACCESS-KEY>"
version: 1
This is the core Flocker configuration file, which will be in /etc/flocker on every node. Here, you specify and configure the credentials of the backend of choice. In our case, we go with the basic AWS option, EBS, so we include our AWS credentials.
With the inventory, agent.yml, and all certificates ready in files/, we can proceed.
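At this point, the files/ directory should contain roughly the following (the exact node certificate names depend on the nodes you generated certificates for):
ls files/
agent.yml  client.crt  client.key  cluster.crt  cluster.key  control-service.crt  control-service.key
node-aws-101.crt  node-aws-101.key  ...  node-aws-110.crt  node-aws-110.key  plugin.crt  plugin.key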
The playbook to install the control node is flocker_control_install.yml. This play executes a software installation script; copies the cluster certificate, the control node certificate and key, the node certificate and key, the client certificate and key, and the plugin certificate and key; configures the firewall, opening the ports for SSH, Docker, and Flocker; and starts these system services:
flocker-control
flocker-dataset-agent
flocker-container-agent
flocker-docker-plugin
Finally, it refreshes the docker service, restarting it.
Let's run it:
$ export ANSIBLE_HOST_KEY_CHECKING=False
$ ansible-playbook -i inventory --private-key keys/flocker playbooks/flocker_control_install.yml
Similarly, we install the other nodes with another playbook, flocker_nodes_install.yml:
$ ansible-playbook -i inventory --private-key keys/flocker playbooks/flocker_nodes_install.yml
The steps are more or less the same as before, except that this playbook doesn't copy some certificates and doesn't start the flocker-control service. Only the Flocker agent and Flocker Docker plugin services run there. We wait for some time until Ansible exits.
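Before querying Flocker itself, a quick sanity check (a sketch, assuming the service names started by the playbooks are the ones listed above) is to confirm on one of the nodes that the agent and the plugin are running:
$ docker-machine ssh aws-108
$ sudo service flocker-dataset-agent status
$ sudo service flocker-docker-plugin status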
To check that Flocker is installed correctly, we now log in to the control node, check that the Flocker plugin is running (that is, that its .sock file is in place), and then install the flockerctl utility (refer to https://docs.clusterhq.com/en/latest/flocker-features/flockerctl.html) with the curl command:
$ docker-machine ssh aws-104
$ sudo su -
# ls /var/run/docker/plugins/flocker/
flocker.sock  flocker.sock.lock
# curl -sSL https://get.flocker.io | sh
We now set some environment variables used by flockerctl:
export FLOCKER_USER=client
export FLOCKER_CONTROL_SERVICE=54.84.176.7
export FLOCKER_CERTS_PATH=/etc/flocker
We can now list the nodes and volumes (we have no volumes yet, of course):
flockerctl status
flockerctl list
Now, we can go to another node of the cluster, say aws-108, to check the connectivity of the Flocker cluster (especially whether the plugin and the agent can reach and authenticate to the control node), create a volume, and write some data into it:
$ docker-machine ssh aws-108
$ sudo su -
# docker run -v test:/data --volume-driver flocker busybox sh -c "echo example > /data/test.txt"
# docker run -v test:/data --volume-driver flocker busybox sh -c "cat /data/test.txt"
example
If we go back to the control node, aws-104, we can verify that volumes with persistent data got created by listing them with the docker and flockerctl commands:
docker volume ls
flockerctl list
Excellent! So now we can remove the exited containers, delete the test volume dataset from Flocker, and then we are ready to install a Swarm:
# docker rm -v ba7884944577
# docker rm -v 7293a156e199
# flockerctl destroy -d 8577ed21-25a0-4c68-bafa-640f664e774e