Next up, we are going to take a look at Weave Net and Scope by Weaveworks. This is one of the original Docker networking tools, and at its core, it is a mature software-defined networking service.
Weave Net is described as follows:
"Weave Net creates a container SDN that can run across any mixture of public and private cloud, virtual machines and bare metal. The container SDN can carry any layer 2 and layer 3 traffic, including multicast. If you can run it over Ethernet, you can run it on Weave Net."
In fact, there are two drivers provided by Weave, as follows:
- Weave Mesh is a local scope driver that operates without the need for a cluster store. It can be used to create networks that span non-clustered machines. With this, you get a single network called Weave, which spans all of the machines you have Weave launched on.
- Weave, like Docker's own overlay driver, is a global scope driver. This means that it can be used with Docker Swarm and Docker Compose, because of this, you will need to launch a cluster store.
First of all, let's look at the Weave driver and how to use it with Docker Swarm and then we will take a look at using the Weavemesh driver.
Like Docker multi-host networking, we will need to launch a service discovery instance and our Swarm cluster. Let's launch the service discovery host with Docker Machine:
docker-machine create --driver digitalocean --digitalocean-access-token sdnjkjdfgkjb345kjdgljknqwetkjwhgoih314rjkwergoiyu34rjkherglkhrg0 --digitalocean-region lon1 --digitalocean-size 512mb --digitalocean-private-networking service-discovery
This time, we don't need to enable the Consul web interface, so run the following command:
docker $(docker-machine config service-discovery) run -d -p "8400:8400" -p "8500:8500" -h "consul" russmckendrick/consul agent -data-dir /data -server -bootstrap-expect 1 -client=0.0.0.0
Now launch the Docker Swarm cluster, first the master:
docker-machine create --driver digitalocean --digitalocean-access-token sdnjkjdfgkjb345kjdgljknqwetkjwhgoih314rjkwergoiyu34rjkherglkhrg0 --digitalocean-region lon1 --digitalocean-size 1gb --digitalocean-private-networking --swarm --swarm-master --swarm-discovery="consul://$(docker-machine ip service-discovery):8500" --engine-opt="cluster-store=consul://$(docker-machine ip service-discovery):8500" --engine-opt="cluster-advertise=eth1:2376" chapter04-00
Then we will launch our first node:
docker-machine create --driver digitalocean --digitalocean-access-token sdnjkjdfgkjb345kjdgljknqwetkjwhgoih314rjkwergoiyu34rjkherglkhrg0 --digitalocean-region lon1 --digitalocean-size 1gb --digitalocean-private-networking --swarm --swarm-discovery="consul://$(docker-machine ip service-discovery):8500" --engine-opt="cluster-store=consul://$(docker-machine ip service-discovery):8500" --engine-opt="cluster-advertise=eth1:2376" chapter04-01
Finally, we will launch the second node:
docker-machine create --driver digitalocean --digitalocean-access-token sdnjkjdfgkjb345kjdgljknqwetkjwhgoih314rjkwergoiyu34rjkherglkhrg0 --digitalocean-region lon1 --digitalocean-size 1gb --digitalocean-private-networking --swarm --swarm-discovery="consul://$(docker-machine ip service-discovery):8500" --engine-opt="cluster-store=consul://$(docker-machine ip service-discovery):8500" --engine-opt="cluster-advertise=eth1:2376" chapter04-02
To check whether everything is working as expected, run the following commands to switch our local Docker client to connect to the Swarm cluster and also check whether the three nodes are visible:
eval $(docker-machine env --swarm chapter04-00) docker info
Now that we have our cluster up and running, we can install and configure Weave. Installing Weave is simple, all you have to do is download the binary and give it the correct permissions. Let's do this on the Swarm master using docker-machine ssh to connect to the host and run the install command:
docker-machine ssh chapter04-00 'curl -L git.io/weave -o /usr/local/bin/weave; chmod a+x /usr/local/bin/weave'
Next, we start Weave, again using docker-machine ssh, we can run the following command:
docker-machine ssh chapter04-00 weave launch --init-peer-count 3
You will have notice that Weave deployed three containers from the Docker Hub, they are as follows:
- weaveworks/weaveexec
- weaveworks/weave
- weaveworks/plugin
Also, we are telling Weave to expect three peers to join the cluster by passing the --init-peer-count 3 flag, that's pretty much all we have to do to configure Weave on our first cluster node.
Next, we need to install Weave onto our other two cluster nodes, again using the docker-machine ssh command run the following:
docker-machine ssh chapter04-01 'curl -L git.io/weave -o /usr/local/bin/weave; chmod a+x /usr/local/bin/weave' docker-machine ssh chapter04-01 weave launch --init-peer-count 3
Now that we have Weave up and running on the node, we need to tell it to connect to the Weave installation running on the Swarm master. To do this, run the following command:
docker-machine ssh chapter04-01 weave connect "$(docker-machine ip chapter04-00)"
Then on our last cluster node, we will run the following command:
docker-machine ssh chapter04-02 'curl -L git.io/weave -o /usr/local/bin/weave; chmod a+x /usr/local/bin/weave' docker-machine ssh chapter04-02 weave launch --init-peer-count 3 docker-machine ssh chapter04-02 weave connect "$(docker-machine ip chapter04-00)"
Once all three nodes in the Swarm cluster have Weave installed and configured, we will run the following command to ensure that all three nodes are talking to each other:
docker-machine ssh chapter04-00 weave status
The command should return confirmation that there are three peers with six established connections along with other information about the installation, as shown in the following screenshot:
Now that we have confirmation that everything is working as expected, we will list the networks in Docker using the following command:
docker network ls
As per the following terminal session, you should see that there is a weavemesh network called weave on each of the nodes within the cluster; we will discuss more about that later:
So, let's launch our WordPress installation. The Docker Compose file looks a little different from the overlay network one:
version: '2'
services:
wordpress:
container_name: "my-wordpress-app"
image: wordpress
ports:
- "80:80"
environment:
- "WORDPRESS_DB_HOST=mysql.weave.local:3306"
- "WORDPRESS_DB_PASSWORD=password"
- "constraint:node==chapter04-01"
hostname: "wordpress.weave.local"
dns: "172.17.0.1"
dns_search: "weave.local"
volumes:
- "uploads:/var/www/html/wp-content/uploads/"
mysql:
container_name: "my-wordpress-database"
image: mysql
environment:
- "MYSQL_ROOT_PASSWORD=password"
- "constraint:node==chapter04-02"
hostname: "mysql.weave.local"
dns: "172.17.0.1"
dns_search: "weave.local"
volumes:
- "database:/var/lib/mysql"
volumes:
uploads:
driver: local
database:
driver: local
networks:
default:
driver: weave
I have highlighted a few changes from the Overlay Docker Compose file: first off, we will define a hostname and provide a DNS server and search domain. To get the right values for the dns and dns_search keys, you can run the following command to have Weave let you know what it has configured:
docker-machine ssh chapter04-00 weave dns-args
As you can see, in my case, it returned 172.17.0.1 and weave.local:
Also, for the MySQL connection from the WordPress container to the Database one, we are using the internal DNS name as well.
We are also letting Docker Compose create a network for us using the Weave driver, this will add a single network named after the project. Docker Compose gets the project name from the folder our Docker Compose file is, in my case, it's a folder called wordpress.
To launch your containers and check whether they are running as expected, run the following commands:
docker-compose up -d docker-compose ps docker ps
You should see something similar to the following terminal output:
If you really want to, you can access your WordPress installation by running the following command:
open http://$(docker-machine ip chapter04-01)/
There are some things happening in the background that Docker's multi-host networking doesn't give you, such as internal DNS. Weave has its own internal DNS system that you can register your containers with, as you saw in the Docker Compose file that we provided details for records for both containers. Run the following command:
docker-machine ssh chapter04-00 weave status dns
It will show you all the DNS records that Weave has configured. In my case, it looks like the following screenshot:
While we have our three-node Swarm cluster up and running, let's quickly install Scope. Scope is a tool for visualizing your Containers and host. We will just be installing it to run locally, but Weave Works will be offering a cloud-based service, which can be found at http://scope.weave.works/ (at the time of writing this book, it was in private beta).
Similar to the way we installed Weave Net, we will be using the docker-machine ssh command to download the binary and launch and configure the service.
We will write the code on the Swarm master first:
docker-machine ssh chapter04-00 'curl -L git.io/scope -o /usr/local/bin/scope; chmod a+x /usr/local/bin/scope' docker-machine ssh chapter04-00 scope launch
Then, we will write the code for remaining two nodes:
docker-machine ssh chapter04-01 'curl -L git.io/scope -o /usr/local/bin/scope; chmod a+x /usr/local/bin/scope' docker-machine ssh chapter04-01 scope launch $(docker-machine ip chapter04-00) docker-machine ssh chapter04-02 'curl -L git.io/scope -o /usr/local/bin/scope; chmod a+x /usr/local/bin/scope' docker-machine ssh chapter04-02 scope launch $(docker-machine ip chapter04-00)
As you can see on the two remaining nodes, we are telling Scope to connect to the Scope instance running on the Swarm master.
Now that Scope is installed, open it in your browser by running the following command:
open http://$(docker-machine ip chapter04-00):4040/
When your browser opens, you will be presented with a visual representation of your Swarm cluster, and the containers that are running.
I am not going to go into any more detail on Scope here, as at the moment, it doesn't have much to do with networking, have a look around to start seeing more information on your cluster and how it all hangs together. Mine looked similar to the following screenshot:
As you can see, while Weave is quite a powerful SDN, it is straightforward to configure. However, replicating the multi-host networking Docker provides is only one of its tricks.
Let's shut down our Swarm cluster and terminate the hosts before we start to look at the Weavemesh network driver:
docker-machine stop chapter04-00 chapter04-01 chapter04-02 service-discovery docker-machine rm chapter04-00 chapter04-01 chapter04-02 service-discovery
Before you move on, log in to your DigitalOcean control panel and make sure that you don't have any machines labelled with chapter04 running, remember that you will be charged per hour whether you are using them or not.
We have looked at how Weave Net can by used alongside a Docker Swarm cluster to create multi-host networking, now let's take a look at the second Weave network driver, Weavemesh. As you may recall, when we first installed Weave Net, a network called "weave" was automatically create using the "weavemesh" driver on each node within our cluster.
This time, let's bring up two independent Docker hosts DigitalOcean using Docker Machine. To make it interesting, we will launch one host in London and the other in New York City. As these are going to be acting as individual hosts, we do not need to launch a key/value store, or configure Docker Swarm.
First, type the following command to launch a host in London host:
docker-machine create --driver digitalocean --digitalocean-access-token sdnjkjdfgkjb345kjdgljknqwetkjwhgoih314rjkwergoiyu34rjkherglkhrg0 --digitalocean-region lon1 --digitalocean-size 1gb mesh-london
Then, the following command is to launch another host is New York City.
docker-machine create --driver digitalocean --digitalocean-access-token sdnjkjdfgkjb345kjdgljknqwetkjwhgoih314rjkwergoiyu34rjkherglkhrg0 --digitalocean-region nyc2 --digitalocean-size 1gb mesh-nyc
Now that we have our two Docker hosts up and running, let's install and configure Weave:
docker-machine ssh mesh-london 'curl -L git.io/weave -o /usr/local/bin/weave; chmod a+x /usr/local/bin/weave' docker-machine ssh mesh-london weave launch --password 3UnFh4jhahFC
As you can see, this time we are telling Weave to launch with a password. This flag will enable encryption between the networking layer on our two hosts. Now that we have the London host configured, let's do the one in New York City and then get it talking to the host in London:
docker-machine ssh mesh-nyc 'curl -L git.io/weave -o /usr/local/bin/weave; chmod a+x /usr/local/bin/weave' docker-machine ssh mesh-nyc weave launch --password 3UnFh4jhahFC docker-machine ssh mesh-nyc weave connect "$(docker-machine ip mesh-london)"
Now that we have Weave configured on our two hosts, we can check the status of Weave by running the following command:
docker-machine ssh mesh-nyc weave status
As you can see from the following terminal output, encryption is enabled and we have two peers within our Weave network:
So, let's take a look at Weave's party trick. We will keep it basic to start with by launching our NGINX container:
docker $(docker-machine config mesh-nyc) run -itd --name=nginx --net=weave --hostname="nginx.weave.local" --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/nginx
Now we can check whether the container is up and running:
docker $(docker-machine config mesh-nyc) ps
Let's also check whether it's responding on port 80:
docker $(docker-machine config mesh-london) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base wget -q -O- http://nginx.weave.local
Finally, let's do a ping test:
docker $(docker-machine config mesh-london) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base ping -c 3 nginx.weave.local
Your terminal session should look something similar to the following screenshot:
On the surface, this test doesn't look like much; however, if you look closely at the commands we used, you will see just how powerful the weavemesh driver is.
First of all, when we launched our NGINX container on the New York City Docker host, we did not publish any ports, meaning that port 80 was only available on the weave network that we attached it to.
Secondly, when we ran the check on port 80 and did the ping test, we did that from our Docker host in London. We temporally launched a basic container, attached it to the weave network and configured it use Weave DNS service so that it could resolve the nginx.weave.local domain.
Let's do our tests again, but this time, using a local virtual machine:
docker-machine create -d virtualbox mesh-local
Now, install Weave as we did on our other two Docker hosts:
docker-machine ssh mesh-local 'sudo curl -L git.io/weave -o /usr/local/bin/weave; sudo chmod a+x /usr/local/bin/weave' docker-machine ssh mesh-local sudo weave launch --password 3UnFh4jhahFC docker-machine ssh mesh-local sudo weave connect "$(docker-machine ip mesh-london)"
Then run the tests again:
docker $(docker-machine config mesh-local) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base wget -q -O- http://nginx.weave.local
Run the ping test, as follows:
docker $(docker-machine config mesh-local) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base ping -c 3 nginx.weave.local
As you can see, it worked!
We now have three Docker hosts in our Weavemesh network, all of which can talk to each other. To prove this, we are going to do one final test. Let's launch a container on our local Docker host and try the tests from the New York City host.
Create a NGINX container called vm.weave.local on our local Docker host:
docker $(docker-machine config mesh-local) run -itd --name=vm --net=weave --hostname="vm.weave.local" --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/nginx
Then try connecting to port 80 and pinging the new container from the Docker host in New York City:
docker $(docker-machine config mesh-nyc) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base wget -q -O- http://vm.weave.local
docker $(docker-machine config mesh-nyc) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base ping -c 3 vm.weave.local
My terminal session looked similar to the following screenshot:
Now that we don't have the constants of the Docker Swarm cluster, we can also start to do some tasks that are only available outside of Swarm.
First of all, you attach container to the Weave network after they have been launched, let's launch an NGINX container called lonely on our London Docker host:
docker $(docker-machine config mesh-london) run -itd --name=lonely russmckendrick/nginx
Now, let's connect to the London Docker host and attached the container to the weave network:
docker-machine ssh mesh-london weave attach lonely
When you run the command, it will return an IP address. This will be the new IP address of our container; in my case, it is 10.40.0.0. Let's run our test from both the New York City and Local Docker hosts:
docker $(docker-machine config mesh-nyc) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base wget -q -O- 10.40.0.0 docker $(docker-machine config mesh-local) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base ping -c 3 10.40.0.0
Your terminal session should look similar to the following screenshot:
Now that we have our container on the network, we can manually add a DNS for the host by running the following command:
docker-machine ssh mesh-london weave dns-add lonely -h lonely.weave.local
As you can see, we can now access port 80 using http://lonely.weave.local from our New York City Docker host:
docker $(docker-machine config mesh-nyc) run -it --rm --net=weave --dns="172.17.0.1" --dns-search="weave.local" russmckendrick/base wget -q -O- lonely.weave.local
The only downside is that there is no easy way of adding the DNS resolution to the host we have attached to the "weave" network.
Now that we are finished with our Docker hosts, let's terminate them so that we don't incur unnecessary cost:
docker-machine stop mesh-local mesh-london mesh-nyc docker-machine rm mesh-local mesh-london mesh-nyc
Again, remember to check your DigitalOcean control panel to ensure that your hosts have been correctly terminated.
As you have seen and I have already mentioned, Weave is an incredibly powerful software-defined network, which is really easy to configure. Speaking from experience, this is a difficult combination to pull off, as most SDN solutions are incredibly complex to install, configure, and maintain.
We have only touched on what is possible with "weave" and "weavemesh" drivers. For a full feature list, along with instructions on some most of the advanced use cases, refer to http://docs.weave.works/weave/latest_release/features.html.