How to use docker swarm join-token command to manage join tokens

Introduction

In this lab, you will learn how to manage join tokens in a Docker Swarm using the docker swarm join-token command. You will explore how to view the join tokens for both worker and manager nodes, which are essential for adding new nodes to your swarm.

Specifically, you will practice viewing the worker join token, viewing the manager join token, and rotating the worker join token to enhance security. You will also learn how to view only the worker join token for streamlined information retrieval.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL docker(("Docker")) -.-> docker/ContainerOperationsGroup(["Container Operations"]) docker(("Docker")) -.-> docker/SystemManagementGroup(["System Management"]) docker/ContainerOperationsGroup -.-> docker/ps("List Running Containers") docker/ContainerOperationsGroup -.-> docker/exec("Execute Command in Container") docker/SystemManagementGroup -.-> docker/system("Manage Docker") subgraph Lab Skills docker/ps -.-> lab-555242{{"How to use docker swarm join-token command to manage join tokens"}} docker/exec -.-> lab-555242{{"How to use docker swarm join-token command to manage join tokens"}} docker/system -.-> lab-555242{{"How to use docker swarm join-token command to manage join tokens"}} end

View the worker join token

In this step, we will learn how to view the join token for a worker node in a Docker Swarm. The join token is a secret that allows a new node to join the swarm as a worker.

First, you need to initialize a Docker Swarm if you haven't already. You can do this by running the following command:

docker swarm init

This command will make the current node a manager node and initialize the swarm. The output will include the command to join the swarm as a worker.

To view the worker join token, you can use the docker swarm join-token worker command.

docker swarm join-token worker

This command will display the join token for worker nodes and the command to join the swarm as a worker. The output will look similar to this:

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 192.168.1.100:2377

The string after --token is the worker join token. You would use this token on a different machine to join the swarm as a worker.

View the manager join token

In the previous step, we learned how to view the join token for a worker node. In this step, we will learn how to view the join token for a manager node. The manager join token is used to add a new manager node to an existing swarm.

To view the manager join token, you can use the docker swarm join-token manager command.

docker swarm join-token manager

This command will display the join token for manager nodes and the command to join the swarm as a manager. The output will look similar to this:

To add a manager to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 192.168.1.100:2377

The string after --token is the manager join token. You would use this token on a different machine to join the swarm as a manager.

Rotate the worker join token

In this step, we will learn how to rotate the join token for worker nodes in a Docker Swarm. Rotating the join token invalidates the old token and generates a new one. This is a security measure that can be used if you suspect the worker join token has been compromised.

To rotate the worker join token, you can use the docker swarm join-token --rotate worker command.

docker swarm join-token --rotate worker

This command will generate a new worker join token and invalidate the old one. The output will show the new join token and the command to join the swarm with the new token.

Successfully rotated worker join token.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy 192.168.1.100:2377

Notice that the token string is different from the one you saw in Step 1. The old token is now invalid and cannot be used to join the swarm.

View only the worker join token

In the previous steps, we viewed the full join command for both worker and manager nodes. Sometimes, you might only need the join token itself, without the full command. In this step, we will learn how to view only the worker join token.

To view only the worker join token, you can use the docker swarm join-token --quiet worker command.

docker swarm join-token --quiet worker

The --quiet flag suppresses the output of the full join command and only displays the token. The output will be just the token string:

SWMTKN-1-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

This is useful if you need to use the token in a script or automation process.

Summary

In this lab, we learned how to manage join tokens in a Docker Swarm using the docker swarm join-token command. We covered how to view the join token for both worker and manager nodes, which are essential for adding new nodes to the swarm.

Furthermore, we explored how to rotate the worker join token for enhanced security and how to specifically view only the worker join token output. These steps provide practical skills for managing the security and scalability of a Docker Swarm.