Backup Data in Docker Swarm

Data in Docker Swarm Cluster need to be backed up. Backup can be performed only on acting Manager node. All swarm data lies in /var/lib/docker/swarm directory.

Example of storing docker version in environment variable : ENGINE=$(docker version -f ‘{{.Server.Version}}’)

Steps to take the backup :

1. Stop the Docker Service (service docker stop)
2. Create the backup (tar cvzf “/tmp/swarm-${ENGINE}-$(hostname -s)-$(date %s%z).tgz” /var/lib/docker/swarm)

There is a mandatory clauses for restoring data on another machine

1. Docker Engine versions must exactly match
2. IP address of the node should remain the same (it is for the case when the backup is restored on the same node it was previously made on)
3. As a Backup, restoring data can be done only on Master node

Steps to restore the backup :

1. Stop the Docker Service (service docker stop)
2. Untar archive containing the backup (tar -xvf <archive file name> ) -C /var/lib/docker/swarm)
3. Start the Docker Service (service docker start)
4. Create new Cluster from restored data (docker swarm init –force-new-cluster)

There is a difference between the state of the Cluster before and after backup : after backup previously existing Worker nodes are not in the Cluster anymore. They must be added to the Cluster again.

See more about Docker Swarm restore and backup here.

Docker Networking

How do Docker Containers get their unique IP address assigned ? For this Docker establishes another network interface (interface is usually called docker0, see output of command ip a). Container’s IP address can be found in docker inspect <container id> command output. Note that Docker Container is not pingable by its id, but answers if being pinged by its IP address.

docker network ls – command that displays all Docker Networks on the host (see elaborated information on docker networks below)

docker network create <network name> – command that creates new Docker Network

docker run -d -P –net <existing docker network name> <image name> – example of creating Docker Container in the given Docker Network (overriding default Docker Network)

docker inspect <existing docker network name> – command displaying thorough information about given Docker Network ; Containers section shows information about Docker Containers created in the given Docker Network

Docker Containers belonging to different Docker Networks are not mutually pingable. Though Docker Network’s gateways are pingable.

docker network connect <network name> <container name> – command to connect given container to given network

Important thing to note is that, unlike in default docker0 network, containers in custom Docker Network can ping each other not only by IP address, but also by Container id.

Networking Drivers in Docker

Docker Containers are not assigned IP addresses manually, only automatically, by Networking Driver. Networking Driver is an engine that allows different network members (VMs, hosts) to talk to each other. Drivers in Docker world are :

• Bridge : using Bridge drivers, all Docker Containers communicate with each other. With Bridge driver, all containers located on the same host have different IP addresses. Bridge is a default driver in Docker Networking
• Host : all Docker Containers are assigned the same IP address as the host machine. So only one Docker Container can be created on the host. docker run -d -P –net host <image name> – example of command creating Docker Container using host driver
• null (none network) : docker run -d -P –net none <image name> – example of command creating Docker Container using null driver
• overlay : default driver for Docker Swarm. Docker Swarm comes with so called Container Network Model by default (unlike Kubernetes, which does not come up with Container Network Interface, CNI has to be installed additionally). Overlay networks connect multiple Docker daemons together and enable Docker Swarm services to communicate with each other.