How To Install Docker Swarm on Ubuntu 24.04 LTS
In this tutorial, we will show you how to install Docker Swarm on Ubuntu 24.04 LTS. Docker Swarm offers a powerful yet straightforward approach to container orchestration, allowing system administrators and developers to create resilient, scalable application infrastructures. With Ubuntu 24.04 LTS providing a stable foundation, deploying Docker Swarm becomes an efficient solution for managing containerized applications across multiple nodes. This comprehensive guide walks you through the complete process of installing and configuring Docker Swarm on Ubuntu’s latest LTS release, ensuring you can leverage its full capabilities for your production environment.
Prerequisites and Environment Setup
Before diving into the Docker Swarm installation process, certain prerequisites must be met to ensure a smooth deployment. A proper environment setup lays the foundation for a stable and reliable container orchestration system.
For this guide, you’ll need:
- At least two Ubuntu 24.04 LTS servers (one manager node and one or more worker nodes)
- Each server should have at least 2GB RAM and 2 CPU cores for optimal performance
- Sufficient storage space (minimum 20GB recommended)
- All nodes must have static IP addresses and unrestricted network connectivity
- SSH access configured on all machines
- A non-root user with sudo privileges on each server
Network prerequisites are particularly important for Swarm functionality. Docker Swarm requires the following ports to be open between nodes:
- TCP port 2377 for cluster management communications
- TCP and UDP port 7946 for node-to-node communication
- UDP port 4789 for overlay network traffic
Ensuring these prerequisites are met beforehand will prevent common issues during the installation and configuration process.
Updating Ubuntu 24.04 System
Before installing Docker and setting up Swarm, it’s essential to update your Ubuntu 24.04 system to the latest package versions. This ensures compatibility and provides security patches that may be critical for a production environment.
To update your system, execute these commands:
sudo apt update
sudo apt upgrade -y
Next, install essential dependencies that Docker requires:
sudo apt install curl apt-transport-https ca-certificates software-properties-common -y
These packages enable secure communication with external repositories and provide necessary tools for the Docker installation process.
After updating the system, verify that everything is functioning correctly by checking the system status:
sudo systemctl status systemd-resolved
This command ensures that your system’s DNS resolver is operational, which is crucial for Docker’s networking capabilities.
Installing Docker on Ubuntu 24.04
Installing Docker on Ubuntu 24.04 is a straightforward process that requires adding the official Docker repository and installing the necessary packages. Follow these steps to ensure a clean installation:
Remove any existing Docker installations
If you have an older version of Docker installed, remove it first:
sudo apt remove docker docker-engine docker.io containerd runc -y
Add Docker’s official GPG key
Import Docker’s GPG key to verify package integrity:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Set up the Docker repository
Add the official Docker repository to your system:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Update package index and install Docker
Update the package index with the new repository and install Docker:
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
Verify the installation
After installation, verify that Docker is running properly:
sudo systemctl status docker
You should see output indicating that the Docker service is active and running. To test the installation, run the hello-world container:
sudo docker run hello-world
If Docker is installed correctly, you’ll see a success message indicating that your installation is working properly.
Post-Installation Configuration
After installing Docker, several post-installation steps are necessary to optimize your experience and prepare the environment for Docker Swarm.
Adding your user to the Docker group
By default, Docker commands require sudo privileges. To avoid this, add your user to the Docker group:
sudo usermod -aG docker $USER
Log out and log back in for the changes to take effect. Verify that you can run Docker commands without sudo:
docker version
Configuring Docker to start on boot
Ensure Docker starts automatically when your system boots:
sudo systemctl enable docker
Setting up Docker daemon options
Create or modify the daemon.json file to customize Docker’s behavior:
sudo mkdir -p /etc/docker
sudo nano /etc/docker/daemon.json
Add configurations such as the default logging driver and storage options:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"storage-driver": "overlay2"
}
After saving the file, restart Docker to apply the changes:
sudo systemctl restart docker
These configurations help manage log file size and optimize Docker’s storage performance.
Docker Swarm Architecture
Understanding Docker Swarm’s architecture is crucial before deploying it. Docker Swarm follows a manager-worker architecture with distinct components that work together to provide container orchestration.
Manager Nodes: These nodes handle the cluster management tasks and store the cluster state. They implement the Raft consensus algorithm to maintain consistency across the swarm. It’s recommended to have an odd number of manager nodes (3, 5, or 7) for fault tolerance.
Worker Nodes: These execute the containers assigned by manager nodes. They don’t participate in the Raft consensus algorithm but focus on running workloads.
Services: The primary unit of work in Swarm. A service defines a container image, number of replicas, network configurations, and other deployment parameters.
Tasks: Each container instance of a service is called a task. If a service is configured with three replicas, Swarm creates three tasks, each running one container.
Control Plane vs. Data Plane: The control plane consists of manager nodes that maintain cluster state, while the data plane comprises worker nodes running actual workloads.
Docker Swarm offers several advantages, including:
- Built-in load balancing capabilities
- TLS mutual authentication and encryption
- Incremental service updates
- DNS-based service discovery
- Declarative service model
This architecture provides a robust foundation for container orchestration with built-in redundancy and high availability.
Initializing Docker Swarm
Initializing Docker Swarm transforms a standalone Docker host into a Swarm manager node. This process creates the initial swarm configuration and generates tokens for adding additional nodes.
Initializing the first manager node
To initialize Docker Swarm on your first node, use the following command:
docker swarm init --advertise-addr <MANAGER-IP>
Replace <MANAGER-IP>
with the IP address of the node that other nodes will use to communicate with this manager.
For example:
docker swarm init --advertise-addr 192.168.1.10
Upon successful initialization, you’ll see output similar to:
Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c 192.168.1.10:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
The output provides the command needed to add worker nodes to your swarm.
Configuring default address pools
You can customize the IP address ranges used by Swarm overlay networks during initialization:
docker swarm init --advertise-addr <MANAGER-IP> --default-addr-pool 10.10.0.0/16 --default-addr-pool 10.11.0.0/16
This specifies custom CIDR ranges for overlay networks instead of using the default range.
Verifying Swarm initialization
After initialization, verify that your swarm is properly configured:
docker info
Look for the “Swarm” section in the output, which should show that swarm mode is active and this node is a manager.
To see detailed information about the swarm:
docker node ls
This command displays all nodes in the swarm, with the current node marked as “Leader”.
Adding Worker Nodes to the Swarm
Expanding your Docker Swarm by adding worker nodes increases the cluster’s capacity and resilience. This section guides you through the process of adding worker nodes to your swarm.
Generating join tokens
Docker Swarm uses tokens to authenticate nodes joining the cluster. To retrieve the worker join token from a manager node, run:
docker swarm join-token worker
This command displays the full join command with the token that worker nodes should use.
To generate a manager join token (for adding additional manager nodes):
docker swarm join-token manager
Joining a worker node to the swarm
On each worker node, run the join command provided by the manager:
docker swarm join --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c 192.168.1.10:2377
Upon successful execution, you’ll see:
This node joined a swarm as a worker.
Verifying node addition
Return to the manager node and verify that the new worker has joined the swarm:
docker node ls
The output should show all nodes in your swarm with their respective roles and status.
Troubleshooting join issues
If a node fails to join the swarm, check the following:
- Network connectivity between nodes (test with ping)
- Firewall settings (ensure required ports are open)
- Correct token usage (worker vs. manager tokens)
- Time synchronization between nodes
To diagnose networking issues, use:
docker network inspect ingress
This provides information about the swarm’s ingress network, which is essential for inter-node communication.
Managing Docker Swarm Nodes
Effective node management is crucial for maintaining a healthy Docker Swarm cluster. This section covers essential node management tasks and best practices.
Listing and inspecting swarm nodes
To list all nodes in your swarm:
docker node ls
To view detailed information about a specific node:
docker node inspect <NODE-ID>
For a more readable format:
docker node inspect <NODE-ID> --pretty
Managing node availability
Docker Swarm nodes can be in one of three availability states:
- Active: Normal state where nodes accept tasks
- Pause: The node doesn’t receive new tasks but keeps existing ones
- Drain: The node doesn’t accept new tasks and redistributes existing ones
To change a node’s availability:
docker node update --availability drain <NODE-ID>
This is particularly useful when performing maintenance on a node.
Promoting workers to managers
To increase the number of manager nodes for better fault tolerance:
docker node promote <NODE-ID>
Best practice suggests maintaining an odd number of managers (3, 5, or 7) to ensure quorum during network partitions.
Demoting managers to workers
If you need to reduce the number of manager nodes:
docker node demote <NODE-ID>
Always ensure you maintain enough managers for quorum (N/2+1).
Removing nodes from the swarm
To remove a node from the swarm, first drain it:
docker node update --availability drain <NODE-ID>
Then, on the node being removed, run:
docker swarm leave
For a manager node, add the --force
flag:
docker swarm leave --force
Finally, remove the node from the swarm’s node list:
docker node rm <NODE-ID>
Node labeling for task placement
Labels can be added to nodes to influence service deployment:
docker node update --label-add zone=east <NODE-ID>
These labels can later be used in service constraints to control where containers run.
Creating and Deploying Services
Services are the core workload units in Docker Swarm. They define what containers run and how they should be deployed across the cluster.
Creating a basic service
To create a simple service running Nginx:
docker service create --name web-server --publish 80:80 nginx
This command creates a service named “web-server” that publishes port 80 and runs the Nginx image.
Service deployment strategies
Docker Swarm supports two deployment modes:
- Replicated: The service runs a specified number of replicas across the swarm
- Global: The service runs one instance on each node in the swarm
For a replicated service with 3 instances:
docker service create --name redis --replicas 3 redis
For a global service:
docker service create --name monitoring --mode global prometheus/node-exporter
Declarative service deployment
While the commands above use the imperative approach, Docker Swarm also supports declarative deployments using Docker Compose:
version: '3.8'
services:
web:
image: nginx
ports:
- "80:80"
deploy:
replicas: 3
placement:
constraints:
- node.role == worker
Save this to docker-compose.yml
and deploy it with:
docker stack deploy -c docker-compose.yml web-stack
Service constraints and preferences
To control where services run, use placement constraints:
docker service create --name db --constraint node.labels.zone==east mysql
Implementing health checks
Health checks ensure services are functioning correctly:
docker service create --name web --health-cmd "curl -f http://localhost || exit 1" --health-interval 5s --health-retries 3 nginx
This configuration checks service health every 5 seconds using the specified command.
Scaling and Load Balancing
One of Docker Swarm’s key strengths is its ability to scale services and distribute traffic automatically. This section covers scaling operations and load balancing features.
Manual scaling of services
To scale a service to a specific number of replicas:
docker service scale web-server=5
This increases or decreases the number of containers running for the service.
To scale multiple services simultaneously:
docker service scale web-server=3 redis=2
Implementing rolling updates
Docker Swarm supports rolling updates to minimize downtime:
docker service update --image nginx:alpine --update-parallelism 2 --update-delay 20s web-server
This updates the web-server service to use the nginx:alpine image, updating 2 containers at a time with a 20-second delay between updates.
Built-in load balancing
Docker Swarm provides automatic load balancing for services. When you publish a port with a service, Swarm creates a virtual IP (VIP) that distributes incoming requests across all service replicas.
To check the VIP for a service:
docker service inspect --format '{{.Endpoint.VirtualIPs}}' web-server
External load balancer integration
For production deployments, you might want to integrate with external load balancers:
docker service create --name web --publish published=8080,target=80,mode=host nginx
Using mode=host
bypasses the routing mesh, allowing direct integration with external load balancers.
Docker Swarm Networking
Docker Swarm provides sophisticated networking capabilities that allow containers to communicate securely across nodes. Understanding these features is essential for building robust applications.
Overlay networking configuration
Overlay networks enable container-to-container communication across nodes:
docker network create --driver overlay --attachable frontend
To create an encrypted overlay network:
docker network create --driver overlay --opt encrypted frontend-secure
Network segmentation and isolation
Create separate networks for different application tiers:
docker network create --driver overlay frontend
docker network create --driver overlay backend
Then deploy services to specific networks:
docker service create --name web --network frontend nginx
docker service create --name db --network backend postgres
Service discovery mechanisms
Docker Swarm provides automatic DNS-based service discovery. Containers can communicate with each other using service names:
docker service create --name web --network frontend nginx
docker service create --name api --network frontend api-service
From inside the web container, you can now connect to the API service using its name (“api”).
Volumes and Persistent Storage
Persistent storage is crucial for stateful applications. Docker Swarm provides several options for managing data that needs to persist beyond the lifetime of containers.
Volume drivers for Docker Swarm
Docker Swarm supports various volume drivers:
docker plugin install rexray/ebs
Setting up persistent storage
Create a named volume:
docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.100,rw --opt device=:/path/to/share data-volume
Use the volume with a service:
docker service create --name db --mount type=volume,source=data-volume,target=/var/lib/mysql mysql
Backup strategies for volumes
For backing up volume data:
docker run --rm -v data-volume:/source -v backup:/destination alpine sh -c "cp -a /source/. /destination/"
This command copies data from a source volume to a backup volume using an Alpine Linux container.
Security Best Practices
Security is paramount when deploying Docker Swarm in production environments. Following best practices helps protect your infrastructure from potential threats.
Securing the Swarm with TLS
Docker Swarm automatically configures TLS for control plane communication. To rotate the certificates:
docker swarm ca --rotate
Secret management in Docker Swarm
Docker Swarm provides a native secrets management system:
echo "supersecret" | docker secret create db_password -
Use the secret in a service:
docker service create --name db --secret db_password mysql
The secret is mounted at /run/secrets/db_password
inside the container.
Role-Based Access Control (RBAC)
Implement RBAC for Docker API access using external solutions like Kubernetes RBAC or Docker Enterprise Edition.
Network security and encryption
Enable encryption for application data:
docker network create --driver overlay --opt encrypted app-network
This encrypts all overlay network traffic between containers.
Troubleshooting Docker Swarm
Even with careful planning, issues can arise in Docker Swarm deployments. This section provides guidance on identifying and resolving common problems.
Common initialization failures
If swarm initialization fails, check:
- Network connectivity
- Firewall settings
- Port availability (especially port 2377)
Run diagnostics with:
docker info
Network connectivity issues
For network troubleshooting:
docker network inspect ingress
Test container-to-container communication with:
docker run --rm --network <network-name> alpine ping <service-name>
Service deployment problems
If services won’t start:
docker service ps --no-trunc <service-name>
This shows detailed information about service tasks, including error messages.
Log collection and analysis
To view service logs:
docker service logs <service-name>
For container-specific logs:
docker logs <container-id>
These tools help identify the root causes of issues in your swarm deployment.
Maintenance and Updates
Regular maintenance ensures your Docker Swarm cluster remains healthy and secure. This section covers essential maintenance tasks and update procedures.
Updating Swarm services without downtime
To update a service with zero downtime:
docker service update --image nginx:latest --update-parallelism 1 --update-delay 30s web-server
This gradually updates containers one at a time with a 30-second delay between updates.
Backing up Swarm state
To back up Swarm’s internal state:
sudo tar -czf swarm-backup.tar.gz /var/lib/docker/swarm
This creates a compressed archive of Swarm’s state data.
Manager node maintenance
When performing maintenance on manager nodes, first drain the node:
docker node update --availability drain <NODE-ID>
After maintenance, restore it to active status:
docker node update --availability active <NODE-ID>
Always maintain quorum by keeping at least (N/2+1) manager nodes operational during maintenance.
Congratulations! You have successfully installed Docker Swarm. Thanks for using this tutorial to install the latest version of the Docker Swarm on Ubuntu 24.04 LTS. For additional help or useful information, we recommend you check the official Docker website.