Wednesday, September 26, 2018

docker: replicated vs global services

In Docker swarm mode, an application image is deployed by creating a service that runs across the swarm (on worker nodes), rather than as a container running on an individual host.

There are two modes a service can be run in: replicated and global.

Replicated mode - a set number of identical containers are created, and that number can be modified via the “--replicas” & “--scale” switches. The default mode is replicated, and the default number of replicas is 1.

docker service create --name replica-test --replicas 3 nginx

Global mode - creates an identical container on each node in the swarm; this number cannot be modified (the service can only be removed entirely).

docker service create --name global-test --mode global httpd

When using replicated mode, you declare a desired service state by creating or updating a service, and the orchestrator realizes the desired state by scheduling tasks. For instance, you define a service that instructs the orchestrator to keep three instances of an HTTP listener running at all times. The orchestrator responds by creating three tasks. Each task is a slot that the scheduler fills by spawning a container. The container is the instantiation of the task. If an HTTP listener task subsequently fails its health check or crashes, the orchestrator creates a new replica task that spawns a new container. (source)

When using global mode, you declare the desired service state by creating a global service. The orchestrator then creates a task and schedules it for every node in the swarm. You do not define how many containers are created or which nodes they are created on, because the service runs a single instance on all of the nodes. If a node is added to the swarm, the orchestrator creates and schedules a task for the global service on the new node. Common use cases would include monitoring agents and security applications (AV software).
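Because global services are the usual way to ship monitoring and security agents, it is worth checking that every schedulable node really has a running task. The script below is an added example, not part of the original post: the function names and the sample data are constructed for illustration, and it assumes the `docker node ls` and `docker service ps` output formats requested in `audit_global_service`.

```shell
#!/bin/sh
# Added example: list schedulable swarm nodes that have no Running task of a
# global service (for example a monitoring or AV agent).

# $1: "hostname status availability" lines, $2: "node current-state" lines.
uncovered_nodes() {
    { printf '%s\n' "$1"; echo '--tasks--'; printf '%s\n' "$2"; } | awk '
        $0 == "--tasks--" { in_tasks = 1; next }
        # Swarm only schedules onto nodes that are Ready and Active, so
        # drained or down nodes are not expected to carry a task.
        !in_tasks { if ($2 == "Ready" && $3 == "Active") want[$1] = 1; next }
        # Only a task whose current state is Running counts as coverage.
        $2 == "Running" { delete want[$1] }
        END { for (n in want) print n }' | sort
}

# Live check, to be called on a manager node with the service name.
audit_global_service() {
    nodes=$(docker node ls --format '{{.Hostname}} {{.Status}} {{.Availability}}')
    tasks=$(docker service ps --filter desired-state=running \
        --format '{{.Node}} {{.CurrentState}}' "$1")
    missing=$(uncovered_nodes "$nodes" "$tasks")
    [ -z "$missing" ] && return 0
    echo "no running task of $1 on: $missing" >&2
    return 1
}

# Constructed sample data (not captured from a real swarm).
SAMPLE_NODES='manager1 Ready Active
worker1 Ready Active
worker2 Ready Drain
worker3 Ready Active
worker4 Down Active'
SAMPLE_TASKS='manager1 Running 3 hours ago
worker1 Running 3 hours ago
worker3 Preparing 40 seconds ago'

echo "uncovered: $(uncovered_nodes "$SAMPLE_NODES" "$SAMPLE_TASKS")"
```

On a manager node, `audit_global_service global-test` runs the same comparison against the live swarm and returns non-zero when a schedulable node has no running task.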

The diagram below is from the Docker docs and shows our three-replica nginx service in yellow and our apache (httpd) global service in gray.

Tuesday, September 25, 2018

AWS Certified Solutions Architect

I started digging into AWS, Amazon Web Services, around March of this year. At first, it was just to understand their offerings, and terminology, so I could speak intelligently to the subject with my peers.

And then, as I was fiddling around with their services, it dawned on me how powerful the tools were. I could spin up servers with a few clicks, easily monitor those instances with CloudWatch, get pricing alerts with SNS, and was blown away when I deployed my entire testing environment with Elastic Beanstalk.

And so my "fiddling around" intensified, and I wound up with 18 pages of notes, dozens of hours labbing, at least a hundred hours of study, 45 minutes of test taking, and on the first attempt I am an AWS Certified Solutions Architect - Associate.

Resources Used:

Linux Academy -

AWS CSAA Official Study Guide -

AWS Documentation -