Installing Docker Swarm on AWS

Docker Swarm

A Docker swarm consists of multiple Docker hosts which run in swarm mode and act as managers and workers (which run swarm services). A given Docker host can be a manager, a worker, or perform both roles. When you create a service, you define its optimal state (number of replicas, network and storage resources available to it, ports the service exposes to the outside world, and more). Docker works to maintain that desired state. For instance, if a worker node becomes unavailable, Docker schedules that node’s tasks on other nodes. A task is a running container which is part of a swarm service and managed by a swarm manager, as opposed to a standalone container.

One of the key advantages of swarm services over standalone containers is that you can modify a service's configuration, including the networks and volumes it is connected to, without needing to manually restart the service. Docker updates the configuration, stops the service tasks that have the out-of-date configuration, and creates new ones matching the desired configuration.
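
As a sketch of what this looks like in practice, a network or published port can be changed on a live service with `docker service update` (the names `my-service` and `my-overlay` below are placeholders):

```shell
# Attach an existing overlay network to a running service; Swarm
# replaces the service's tasks to match the new configuration.
docker service update --network-add my-overlay my-service

# Publish an additional port without manually restarting anything.
docker service update --publish-add published=8080,target=80 my-service
```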

When Docker is running in swarm mode, you can still run standalone containers on any of the Docker hosts participating in the swarm, as well as swarm services. A key difference between standalone containers and swarm services is that only swarm managers can manage a swarm, while standalone containers can be started on any daemon. Docker daemons can participate in a swarm as managers, workers, or both.

Concepts related to Docker swarm

Concepts related to Docker swarm are detailed below.

Nodes

A node is an instance of the Docker engine participating in the swarm. You can run one or more nodes on a single physical computer or cloud server, but production swarm deployments typically include Docker nodes distributed across multiple physical and cloud machines.

Manager nodes dispatch units of work called tasks to worker nodes. They also perform the orchestration and cluster management functions required to maintain the desired state of the swarm, and elect a single leader to conduct orchestration tasks.

Worker nodes receive and execute tasks dispatched from manager nodes. By default manager nodes also run services as worker nodes, but you can configure them to run manager tasks exclusively and be manager-only nodes. An agent runs on each worker node and reports on the tasks assigned to it. The worker node notifies the manager node of the current state of its assigned tasks so that the manager can maintain the desired state of each worker.
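
As a sketch, a manager can be made manager-only by draining it, so the scheduler stops assigning service tasks to it (the node name below is a placeholder):

```shell
# Run on a manager: stop scheduling new tasks on this node
# and move its existing tasks to other nodes.
docker node update --availability drain <NODE-HOSTNAME>

# Revert the node to accepting tasks again.
docker node update --availability active <NODE-HOSTNAME>
```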

Services and tasks

A service is the definition of the tasks to execute on the manager or worker nodes. It is the central structure of the swarm system and the primary root of user interaction with the swarm.

When you create a service, you specify which container image to use and which commands to execute inside running containers. In the replicated services model, the swarm manager distributes a specific number of replica tasks among the nodes based upon the scale you set in the desired state.

For global services, the swarm runs one task for the service on every available node in the cluster.
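
A global service is created with the `--mode global` flag; this sketch (service name is illustrative) runs one container per node, which is a common pattern for monitoring agents:

```shell
# One task of this service runs on every node in the swarm,
# including nodes that join later.
docker service create --mode global --name node-monitor alpine top
```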

A task carries a Docker container and the commands to run inside the container. It is the atomic scheduling unit of swarm. Manager nodes assign tasks to worker nodes according to the number of replicas set in the service scale. Once a task is assigned to a node, it cannot move to another node. It can only run on the assigned node or fail.

Load balancing

The swarm manager uses ingress load balancing to expose the services you want to make available externally to the swarm. The swarm manager can automatically assign the service a PublishedPort or you can configure a PublishedPort for the service. You can specify any unused port. If you do not specify a port, the swarm manager assigns the service a port in the 30000-32767 range.

External components, such as cloud load balancers, can access the service on the PublishedPort of any node in the cluster whether or not the node is currently running the task for the service. All nodes in the swarm route ingress connections to a running task instance.
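
As a sketch, publishing a port when creating a service makes it reachable on that port on every node, whether or not a task runs there (the service name and image are illustrative):

```shell
# Expose nginx on port 8080 of every swarm node; the routing mesh
# forwards incoming connections to one of the two running tasks.
docker service create --name web --replicas 2 \
  --publish published=8080,target=80 nginx

# Any node's address works, even a node not running a web task.
curl http://<ANY-NODE-IP>:8080
```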

Swarm mode has an internal DNS component that automatically assigns each service in the swarm a DNS entry. The swarm manager uses internal load balancing to distribute requests among services within the cluster based upon the DNS name of the service.

Deploying Docker Swarm on AWS

To apply these concepts, we are going to set up a Docker swarm on AWS using three EC2 t2.micro instances.

We are going to go through the following activities:

  • initializing a cluster of Docker Engines in swarm mode
  • adding nodes to the swarm
  • deploying application services to the swarm
  • managing the swarm once you have everything running

We are going to launch and install Docker on three Ubuntu Linux EC2 instances, so if you need to refresh the steps, please check this post about EC2.

We will use the AWS CLI to automate this, but you can use the AWS Management Console instead. Since we want Docker installed and started automatically when each EC2 instance launches, we will create a bootstrap.txt file with the following content:

#!/usr/bin/env bash
sudo apt-get -y update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get -y update
sudo apt-get -y install docker-ce

From our post about AWS EC2, we know the command we need to run with the AWS CLI is:

aws ec2 run-instances --image-id ami-0a313d6098716f372 --instance-type t2.micro --key-name east-key --user-data file://bootstrap.txt

Run this command three times so we have three EC2 instances: one for the Swarm manager and two for the Swarm workers.
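
Alternatively, the three instances can be launched in a single call with the `--count` flag (same AMI, key name, and user data as above):

```shell
aws ec2 run-instances --image-id ami-0a313d6098716f372 \
  --instance-type t2.micro --key-name east-key \
  --user-data file://bootstrap.txt --count 3
```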

We will use the AWS Management Console to name them Swarm Manager, Swarm Worker 1, and Swarm Worker 2. You should see something similar to this in your AWS Console:

Also make sure the three EC2 instances belong to the same security group and that communication is allowed within it. You need rules that allow the hosts to communicate with each other inside the security group:
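
Swarm needs a handful of ports open between the hosts: 2377/tcp for cluster management, 7946/tcp and 7946/udp for node-to-node communication, and 4789/udp for overlay network traffic. Assuming the instances share one security group (the group id below is a placeholder), the rules can be added with the CLI:

```shell
SG=sg-0123456789abcdef0  # placeholder: the instances' shared security group

# Cluster management traffic (docker swarm init / join)
aws ec2 authorize-security-group-ingress --group-id "$SG" \
  --protocol tcp --port 2377 --source-group "$SG"

# Node-to-node communication
aws ec2 authorize-security-group-ingress --group-id "$SG" \
  --protocol tcp --port 7946 --source-group "$SG"
aws ec2 authorize-security-group-ingress --group-id "$SG" \
  --protocol udp --port 7946 --source-group "$SG"

# Overlay network (VXLAN) traffic
aws ec2 authorize-security-group-ingress --group-id "$SG" \
  --protocol udp --port 4789 --source-group "$SG"
```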

After you complete the tutorial setup steps, you’re ready to create a swarm. Make sure the Docker Engine daemon is started on the host machines.
We are going to connect to our Swarm manager and initialize the swarm, advertising the private IP address of the EC2 instance that will be the manager:

docker swarm init --advertise-addr 172.31.42.179
Swarm initialized: current node (qm6q45gub5x172r4y369pz55k) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-32rqqx0rgi5qqbsojwqgwibk5rnfhs8q2ut3al1mdxxhqpsf8o-cxs1nljrsehlu29l4kk7y7ox8 172.31.42.179:2377

Let's check that docker info recognises the server as a manager:

docker info | grep "Is Manager"
 Is Manager: true

Run the docker node ls command to view information about nodes:

docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
qm6q45gub5x172r4y369pz55k *   ip-172-31-42-179    Ready               Active              Leader              18.09.5
hozj9s1dwb8k6pitw7zeiwjyh     ip-172-31-82-34     Ready               Active                                  18.09.5
xju86j2py6usrcegenxqllpdw     ip-172-31-85-197    Ready               Active                                  18.09.5

Joining the Docker Swarm Cluster

Once you’ve created a swarm with a manager node, you’re ready to add worker nodes.

Let's connect to the other two EC2 instances and join them to the swarm.

Run the command produced by the docker swarm init output above to join each node to the existing swarm as a worker:

docker swarm join --token SWMTKN-1-32rqqx0rgi5qqbsojwqgwibk5rnfhs8q2ut3al1mdxxhqpsf8o-cxs1nljrsehlu29l4kk7y7ox8 172.31.42.179:2377

After running the command you should see this output:

 This node joined a swarm as a worker.
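
If the join command is no longer in your terminal history, it can be reprinted at any time on the manager:

```shell
# Print the full "docker swarm join" command for workers.
docker swarm join-token worker

# The equivalent command exists for adding more managers.
docker swarm join-token manager
```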

Let's run docker node ls again on the manager and check the output:

# docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
qm6q45gub5x172r4y369pz55k *   ip-172-31-42-179    Ready               Active              Leader              18.09.5
hozj9s1dwb8k6pitw7zeiwjyh     ip-172-31-82-34     Ready               Active                                  18.09.5
xju86j2py6usrcegenxqllpdw     ip-172-31-85-197    Ready               Active                                  18.09.5

Now that we have a functional Docker Swarm, we can deploy a service.

Deploy a service to the swarm

Open a terminal and ssh into the machine where you run your manager node.

Run the following command:

docker service create --replicas 1 --name helloworld alpine ping docker.com

The docker service create command creates the service.
The --name flag names the service helloworld.
The --replicas flag specifies the desired state of 1 running instance.
The arguments alpine ping docker.com define the service as an Alpine Linux container that executes the command ping docker.com.

Run docker service ls to see the list of running services:

docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
u8vh8e33g7sc        helloworld          replicated          1/1                 alpine:latest 

Scale the service in the swarm

Once you have deployed a service to a swarm, you are ready to use the Docker CLI to scale the number of containers in the service. Containers running in a service are called “tasks.”

Run the following command to change the desired state of the service running in the swarm:

docker service scale <SERVICE-ID>=<NUMBER-OF-TASKS>

We will try this with a scale of 5:

docker service scale helloworld=5
helloworld scaled to 5
overall progress: 5 out of 5 tasks 
1/5: running   [==================================================>] 
2/5: running   [==================================================>] 
3/5: running   [==================================================>] 
4/5: running   [==================================================>] 
5/5: running   [==================================================>] 
verify: Service converged 

Run docker service ps helloworld to see the updated task list:

docker service ps helloworld
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE            ERROR                         PORTS
vtc7v6hkv1zc        helloworld.1        alpine:latest       ip-172-31-85-197    Running             Running 4 minutes ago                                  
hbue30j5hocx        helloworld.2        alpine:latest       ip-172-31-82-34     Running             Running 43 seconds ago                                 
84o6f35tgedk        helloworld.3        alpine:latest       ip-172-31-42-179    Running             Running 44 seconds ago                                 
0hfe79sbpb1b        helloworld.4        alpine:latest       ip-172-31-42-179    Running             Running 44 seconds ago                                 
efqs817en02g        helloworld.5        alpine:latest       ip-172-31-85-197    Running             Running 44 seconds ago     

You can also run docker ps on the workers and manager to see the containers running:

root@ip-172-31-42-179:/home/ubuntu# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
c5cfa6484613        alpine:latest       "ping"   2 minutes ago       Up 2 minutes                            helloworld.3.84o6f35tgedkjuuir16b9sugl
1d763f4e1539        alpine:latest       "ping"   2 minutes ago       Up 2 minutes                            helloworld.4.0hfe79sbpb1bjmt1m2mdnov6q

root@ip-172-31-82-34:/home/ubuntu# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
cc4bd56d18b3        alpine:latest       "ping"   2 minutes ago       Up 2 minutes                            helloworld.2.hbue30j5hocx43nlf0cxo9cwl

root@ip-172-31-85-197:/home/ubuntu# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
74ec48df1fdc        alpine:latest       "ping"   2 minutes ago       Up 2 minutes                            helloworld.5.efqs817en02gjkouunbek3286
d200fc9e2ce8        alpine:latest       "ping"   6 minutes ago       Up 5 minutes                            helloworld.1.vtc7v6hkv1zc7neefjd57uat9

Now that we have learnt how to create a swarm and run a service on it, we can delete the service.

Delete the service running on the swarm

Run docker service rm helloworld to remove the helloworld service.

docker service rm helloworld

Check that the containers have been shut down with docker ps:

docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
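
Once you are done experimenting, the swarm can be torn down and the instances terminated so they stop incurring charges (the instance ids below are placeholders):

```shell
# On each worker:
docker swarm leave

# On the manager (--force because it is the last manager):
docker swarm leave --force

# Finally, terminate the three EC2 instances.
aws ec2 terminate-instances \
  --instance-ids i-0123456789abcdef0 i-0123456789abcdef1 i-0123456789abcdef2
```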