We distribute an installation script that can be used to install Replicated on Docker Swarm. The cluster does not have to be created at this point, the Replicated install script can install Docker Engine and provision a new Swarm cluster.
Basic install (recommended):
The basic install will install Docker (as needed) and Replicated. It will save the install script to a file which you can inspect and then run. We recommend reading and understanding the install script prior to running.
curl -sSL -o install.sh https://get.replicated.com/swarm-init
sudo bash ./install.sh
Quick Install:
The quick Swarm install will install Docker (as needed) and Replicated. Use this method if you have no need to view/change the installer script and you just want a one-line install.
curl -sSL https://get.replicated.com/swarm-init | sudo bash
Flags:
The install script can take flags to help your customers with specialized enterprise setups.
| Flag | Usage |
|---|---|
| additional-no-proxy | Address that can be reached without the HTTP proxy |
| airgap | airgap implies “no proxy” and “skip docker” |
| bypass-storagedriver-warnings | Bypass the storagedriver warning |
| daemon-token | Authentication token used by operators for automating a cluster installation |
| docker-version | Install a specific version of docker |
| exclude-subnet | Prevent docker from creating a network in a subnet. Can be specified multiple times. |
| hard-fail-on-loopback | If present, aborts the installation if devicemapper on loopback mode is detected |
| http-proxy | If present, then use proxy |
| log-level | If present, this will be the log level of the Replicated daemon (debug, info, or error). |
| no-docker | Skip docker installation |
| no-proxy | If present, do not use a proxy |
| public-address | The public IP address for stack |
| swarm-advertise-addr | The swarm advertise address |
| swarm-listen-addr | The swarm listen address |
| swarm-stack-namespace | The swarm stack namespace to use |
| ui-bind-port | The port to bind the UI to |
| no-ce-on-ee | Disable installation of Docker CE onto platforms it does not support - RHEL, SLES and Oracle Linux |
| tls-cert-path | An absolute path to the trusted CA certificates file on the host |
Example quick install with flags:
curl -sSL https://get.replicated.com/swarm-init | sudo bash -s no-proxy ui-bind-port=8000
Advanced Install
The advanced Swarm install requires the host is running Docker with a version between 1.13.1 - 17.12.1-ce.
This method will save the Docker Compose YAML to a file and then run a command using the YAML file as the input. We recommend reading and understanding the Compose file prior to running.
docker swarm init
curl -sSL -o docker-compose.yml "https://get.replicated.com/docker-compose.yml?swarm_node_address=$(docker info --format '{{.Swarm.NodeAddr}}')"
docker node update --label-add replicated-role=master "$(docker info --format '{{.Swarm.NodeID}}')"
export LC_CTYPE=C;echo "$(head -c 128 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | docker secret create daemon_token -
docker stack deploy -c docker-compose.yml replicated
Customizing Overlay Networks
Replicated requires four overlay networks in addition to any overlay networks required by your app.
By default Swarm assigns a /24 subnet from the 10.0.0.0/8 global subnet to each overlay network.
This may interfere with a customer’s existing networks.
Use the exclude-subnet param to exclude multiple /16 subnets from the 10.0.0.0/8 default subnet.
Customers that need to exclude the entire 10.0.0.0/8 will need to create all networks in advance with assigned subnets. Create the following networks before installing Replicated, modifying the subnets for the host:
SUBNET_1=172.20.0.0/16
SUBNET_2=172.21.0.0/16
SUBNET_3=172.22.0.0/16
SUBNET_4=172.23.0.0/16
docker network create --driver=overlay --subnet=$SUBNET_1 --label=com.docker.stack.namespace=replicated replicated_default
docker network create --driver=overlay --subnet=$SUBNET_2 --label=com.docker.stack.namespace=retraced retraced_default
docker network create --driver=overlay --subnet=$SUBNET_3 --label=PremkitReplicatedNamespace=replicated premkit_replicated
docker network create --driver=overlay --subnet=$SUBNET_4 --label=StatsdReplicatedNamespace=replicated statsd_replicated
Then install Replicated and your app. Swarm will create the network(s) for your app in the 10.0.0.0/8 subnet.
Run docker stack ls to find your application namespace, which will vary for every install.
In the following results repl5397a011 is the application namespace.
NAME SERVICES
repl5397a011 8
replicated 3
retraced 8
Run docker network ls to find networks in the application namespace.
In the following results repl5397a011_voteapp is an application network.
NETWORK ID NAME DRIVER SCOPE
ea5f9efd3242 bridge bridge local
3972c6a9cb30 docker_gwbridge bridge local
fcc8f63af47a host host local
k1m7wagciv3h ingress overlay swarm
eeee239be18e none null local
se30g4p6s8oc premkit_replicated overlay swarm
obu0vkl7u54k repl5397a011_voteapp overlay swarm
2enrenhp40cu replicated_default overlay swarm
dvj7lqoj6j2r retraced_default overlay swarm
spajlqj8i144 statsd_replicated overlay swarm
Run docker network inspect <network> for each application network and note the Labels:
docker network inspect repl5397a011_voteapp
...
"Labels": {
"com.docker.stack.namespace": "repl5397a011"
},
...
Stop the app in the Replicated UI or with the Replicated CLI.
Then run docker stack rm repl5397a011 to remove your app if the namespace is `repl5397a011’.
Manually create all the required application networks following the pattern above:
SUBNET_5=172.24.0.0/16
docker network create --driver=overlay --subnet=$SUBNET_5 --label=com.docker.stack.namespace=repl5397a011 repl5397a011_voteapp
Finally, restart your app with the Replicated UI or CLI.
Uninstall Entire Swarm Stack
To remove the entire Swarm stack run the following script.
Swarm Uninstall Warning
This will remove everything including images, volumes, secrets, etc.. Don’t do this unless you are planning on completely starting over.
docker stack ls | grep replicated_ | awk '{print $1}' | xargs docker stack rm
sleep 5; docker service rm premkit_replicated
sleep 5; docker service rm statsd_replicated
sleep 5; docker volume rm replicated-premkit-data-volume
sleep 5; docker volume ls | grep statsd | awk '{print $2}' | xargs docker volume rm
sleep 5; docker network rm statsd_replicated premkit_replicated
sleep 5; docker stack rm replicated
sleep 5; docker ps -a | grep piper | awk '{print $1}' | xargs docker rm
sleep 10; docker volume ls | grep replicated | awk '{print $2}' | xargs docker volume rm
sleep 5; docker images | grep 'replicated\|premkit' | awk '{print $3}' | xargs docker rmi
sleep 5; docker secret ls | grep 'replicated\daemon_token' | awk '{print $1}' | xargs docker secret rm
sleep 5; docker stack rm retraced
Security Groups and Firewalls
To ensure that overlay networking is available in Docker Swarm, make sure the following ports are open between all nodes that act as Swarm nodes:
- TCP port 2377 for cluster management
- TCP and UDP port 7946 for general communication
- UDP port 4789 for overlay network traffic
For more information about overlay networking in Docker Swarm, see the Docker Swarm overlay networking documentation.