Azure Container Service (ACS) is an optimized container hosting solution for commonly used open source container orchestrator tools. Supported container orchestrator tools are Mesos-based DC/OS, Kubernetes, and Docker Swarm. Alternatively, the standalone Docker engine may be used. Azure Container Service exposes the API endpoints for the selected orchestration engine, so that open source tools for various use cases, including monitoring, continuous integration, and command-line tools, may access the container service.
What Is an ACS Docker Swarm?
A Docker Swarm is a collection/cluster of virtual machines (VMs) running Docker Engine, and it includes other resources such as Load Balancers, VM Scale Sets or Availability Sets, Storage, and Network. A Docker Swarm on Azure Container Service consists of Swarm Master and Swarm Agent nodes (VMs). A Swarm Master may be connected to directly by using a SSH RSA key. A Swarm Agent is not directly connectable by using a SSH RSA key.
An Azure Container Service Docker Swarm cluster is not a Docker Swarm mode cluster. Docker Swarm mode has to be initialized on an ACS Swarm master. When a Docker Swarm cluster is created in the Azure portal, all the required resources (VMs, Scale Sets, Load Balancers) are created automatically.
This article has the following sections:
- Setting the Environment
- Starting Azure Cloud Shell
- Creating a SSH RSA Key Pair
- Creating an Azure Container Service Docker Swarm
- Exploring the Docker Swarm Cluster Resources
- Connecting to a Swarm Master
Setting the Environment
An Azure account is the only pre-requisite. An Azure account may be created at https://azure.microsoft.com/.
Starting Azure Cloud Shell
Azure provides a client interface called Cloud Shell. Cloud Shell is a browser-based admin shell to connect to Azure. Cloud Shell supports client tools to select from, including PowerShell modules, Azure tools, container tools, database tools, Linux shell interpreters, source control, and build tools. Cloud Shell also supports several programming languages to choose from, including .NET and Node.js. To start Cloud Shell, click the >_ icon, as shown in Figure 1.
Figure 1: Starting Cloud Shell
Creating a SSH RSA Key Pair
To create an Azure Container Service-based hosted solution, a SSH RSA Key is required. Create a SSH RSA key from the Cloud Shell with the following command:
ssh-keygen -t rsa -b 2048
A prompt asking for the file in which to save the key gets displayed, as shown in Figure 2. Press Enter to select the default file.
Figure 2: Generating a SSH RSA Key
Another prompt asks for a passphrase. Press Enter to not use a passphrase. Regardless of whether or not a passphrase is selected, a confirmation prompt asks for the passphrase again. Press Enter again if no passphrase is used. A public/private key pair gets generated and saved. The complete output from the ssh-keygen command is listed next:
deepak@Azure:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deepak/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deepak/.ssh/id_rsa.
Your public key has been saved in /home/deepak/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+YArpP5Eri/JENp0b3CKVbOz3qFPveivTHr1vyaHv/o deepak@cc-bf01-fb628f8c-2249754430-9tlf8
The key's randomart image is:
+---[RSA 2048]----+
| |
| o |
| . o |
|. . + +. . |
|.+ +o=.oS |
|o o=. +..+. |
| o..+o.oooo. . |
| .+o .o=o. .+ o |
| o+o .+*oo .OEo |
+----[SHA256]-----+
The default permissions set on the SSH RSA key are too open and cannot be used with ACS. Modify the permissions to 400 (read-only by owner):
deepak@Azure:~$ chmod 400 /home/deepak/.ssh/id_rsa
We shall be using the SSH RSA key when we create a Docker Swarm. Open the public key file in a vi editor:
deepak@Azure:~$ vi /home/deepak/.ssh/id_rsa.pub
Select all, copy the contents of the id_rsa.pub file, and store them in a text file to be used later.
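The checks implied by the steps above, collected into one pre-flight script before the public key is pasted into the portal; this is an added example, not part of the original article. The function names are hypothetical, and it assumes a Linux shell with GNU stat and OpenSSH's ssh-keygen, as in Cloud Shell, and a private key without a passphrase.

```shell
# Added example (not from the original article). Function names are hypothetical.
# Assumes GNU stat and OpenSSH ssh-keygen, and a key without a passphrase.

# Succeed only if the file grants no access to group or others; the ssh
# client refuses to use a private key whose mode fails this test.
key_mode_ok() (
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
)

# Succeed only if the .pub file is the public half of the private key.
# Key type and base64 blob are compared; the trailing comment is ignored.
pub_matches_private() (
    derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$2") || return 2
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
)

# Print "<bits> <fingerprint>", the same fingerprint ssh-keygen displayed
# when the key pair was generated.
key_summary() {
    ssh-keygen -l -f "$1" | awk '{print $1, $2}'
}

# Run all checks for a private key and its .pub companion.
preflight() (
    priv=$1
    pub=$1.pub
    key_mode_ok "$priv" ||
        { echo "FAIL: $priv is accessible by group or others"; return 1; }
    pub_matches_private "$priv" "$pub" ||
        { echo "FAIL: $pub does not match $priv"; return 1; }
    echo "OK: $(key_summary "$pub")"
)

# Usage: preflight "$HOME/.ssh/id_rsa"
```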
Creating an Azure Container Service Docker Swarm
To create an Azure Container Service-based Docker Swarm, click New in the Azure portal, as shown in Figure 3.
Figure 3: Azure portal>New
In the New wizard, several Azure Marketplace applications get displayed to choose from, as shown in Figure 4.
Figure 4: New wizard
Select the Azure Container Service, as shown in Figure 5.
Figure 5: Selecting Azure Container Service
The Create Azure Container Service wizard gets started, as shown in Figure 6, with the Basics dialog for configuring basic settings displayed.
Figure 6: Create Azure Container Service>Basics
Specify a container service Name (hello-world-docker), and select a Subscription. For Resource group, select Use existing and select a resource group, as shown in Figure 7. Alternatively, select the Create new option.
Figure 7: Create Azure Container Service>Basics
Select a Location and click OK, as shown in Figure 8.
Figure 8: Configuring Basic Settings for an Azure Container Service
In Master configuration, provide master information, as shown in Figure 9.
Figure 9: Master Configuration
Select Orchestrator as Swarm, as shown in Figure 10.
Figure 10: Selecting Orchestrator as Docker Swarm
Specify a DNS name prefix (“docker” – an arbitrary name), and specify a User name, which is also an arbitrary name. In the SSH public key field, put the SSH RSA public key that was stored earlier in a text file, as discussed in the section Creating a SSH RSA Key Pair. Select Master count (1, 3, or 5), as shown in Figure 11. An odd number of master nodes are provisioned for high-availability requirements.
Figure 11: Providing master information
Click OK (see Figure 12).
Figure 12: Completing Master Configuration
In Agent configuration, specify the Agent count, select the Agent virtual machine size, and click OK, as shown in Figure 13.
Figure 13: Agent Configuration
In Summary, the Swarm configuration is validated and a “Validation passed” message should get displayed, as shown in Figure 14. Click OK.
Figure 14: Swarm Summary
The deployment of the Swarm gets started, as shown in Figure 15.
Figure 15: Deploying Azure Container Service
When the deployment gets completed, the message “Deployment succeeded” gets displayed (see Figure 16).
Figure 16: Deployment Succeeded
Exploring the Docker Swarm Cluster Resources
The resources for the Swarm get displayed, as shown in Figure 17. Click See more to display the complete list of resources generated.
Figure 17: Resources
All the Swarm resources get displayed, as shown in Figure 18. Swarm resource type is indicated in the TYPE column and includes virtual machines, virtual machine scale sets, public IP addresses, availability sets, load balancers, and network interfaces.
Figure 18: Swarm Resources
Connecting to a Swarm Master
To connect to a Swarm master, click a Swarm master virtual machine, as shown in Figure 18. Copy the Public IP Address from the Swarm master details page (see Figure 19).
Figure 19: Public IP Address of the Swarm Master
Click to copy the Swarm master Public IP Address, as shown in Figure 20.
Figure 20: Copying Swarm Master Public IP Address
Using the SSH private key, SSH port (2200), user name, and Public IP address, connect to the Swarm master VM:
deepak@Azure:~$ ssh -i /home/deepak/.ssh/id_rsa -p 2200 email@example.com
At the command prompt “Are you sure you want to continue connecting (yes/no)?”, specify “yes” and a connection gets established to the Swarm master, as shown in Figure 21. The Swarm master is indicated to be running Ubuntu OS.
Figure 21: Connecting to Swarm Master
A Swarm master VM runs the Docker engine by default.
In this article, we created a Docker Swarm cluster on Azure Container Service (ACS). An ACS Docker Swarm is not a Docker Swarm mode cluster; Swarm mode has to be initialized on it, as on any Docker host running version 1.12 or later. The options other than Docker Swarm are to create a Mesos-based DC/OS or a Kubernetes cluster. An ACS Docker Swarm is a cluster of virtual machines running Docker. Azure Container Service provisions all the resources, including virtual machines, public IP addresses, virtual machine scale sets, load balancers, and network interfaces. We connected to a Swarm master using a SSH RSA private key, user name, and Public IP Address of the Swarm master.