1. Background

In a recent deployment of Redis master/slave replication using Rancher 2.5.5, we found that Rancher generated a number of iptables rules that prevented us from using Redis master/slave replication on the machine where Rancher was deployed. My knowledge of Rancher and K8S is limited to the network architecture and everyday use, and I do not understand the lower layers in depth, so I could not resolve the network conflict in a short time.

Therefore, I switched the tool for managing Docker from Rancher to Portainer, which is relatively lightweight; it took me several hours to learn while setting it up. Below I retrace the whole process for your reference.

2. Operation steps

  1. Install Portainer
  2. Manage nodes
  3. Deploy containers

3. Install Portainer

There are many ways to install Portainer, but I always prefer the simplest way to do what I need to do, so I’ll deploy it with Docker.

3.1 docker deployment

Deploying with Docker is very simple: you only need to execute a single command to run the container, as shown below.

docker run -d \
-p 9000:9000 \
-p 8000:8000 \
--restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /opt/docker/portainer-ce/data:/data \
--name portainer-ce portainer/portainer-ce

In the command, ports 8000 and 9000 of the physical machine are mapped to ports 8000 and 9000 of the container, and the host's Docker socket file /var/run/docker.sock is also mapped into the container. In addition, for persistence, the /opt/docker/portainer-ce/data directory is mapped to the /data directory of the container. After the command is executed, the output information is as follows

As you can see above, a Docker container has been started successfully. Next I need to verify that it is running normally, so I use the browser to access http://127.0.0.1:9000/; the result is shown below

In the figure above, you can see that the Portainer system is now accessible, indicating a successful system installation.

3.2 Node Initialization

Now I need to set the administrator account password. After I fill in the password and confirm it, I click the Create User button to create the administrator account.

After the administrator account is set, initialize it, as shown in the following figure

There are three options in the image above. I choose to use Portainer to manage the local Docker application and click the Connect button to complete the initialization.

3.3 Function Exploration

Once the initialization is complete, you can enter the Portainer working interface, as shown below

In the figure above, we can see that there is already a local node in the Portainer system. We can click it to enter the node management, as shown in the figure below

In the figure above you can see that the Portainer system lists the stack, container, image, disk and network information of the local node, and so on. Here I click on the Containers block to see the container list, as shown below

In the figure above, you can see that there are two containers in the container list, and the running state of the containers, which can also be controlled.

4. Manage nodes

Now the local Docker can be controlled, but I am not satisfied with this; I need to control other machines as well.

4.1 Starting to Add nodes

In the Portainer system there is an Endpoints menu, where you can add multiple nodes, as shown in the figure below

As you can see in the figure above, there is already a local node. At the top of the list is an Add endpoint button; click it to go to the details page for adding nodes, as shown in the figure below

As you can see in the figure above, there are 5 options. Here I chose the simplest one, using the Docker API for control.

4.2 Open API control

This method requires adding parameters to the Docker startup command on the node, so I need to log in to the node server first. The SSH login command is as follows

ssh [email protected]

After the command is executed, the following figure is displayed

In the figure above, you can see that you have entered the server where the node is located. Then you need to edit the docker startup configuration file, as shown below

vim /usr/lib/systemd/system/docker.service

After the command is executed, you can modify the configuration on the Vim editing interface, as shown in the following figure

Add the options that enable remote access to the docker startup command line, as shown below

-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock

Add these options after /usr/bin/dockerd, as shown below

After saving the configuration file, restart the Docker service. The command for restarting the Docker service is as follows

systemctl daemon-reload  && systemctl restart docker

After you restart Docker, you’re done if everything works.

4.3 Verifying port Status

To view the docker configuration information, run the following command

docker info

After the command is executed, the following information is displayed

As you can see in the figure above, Docker gave a warning, telling me that there is a security risk if remote access is enabled. This warning is ignored for the moment, but it indicates that remote access is enabled.

In addition, you can check whether the port is enabled successfully by running the following command

netstat -ntl

After the command is executed, the port status of the current host is displayed, as shown in the following figure

It can be seen in the image above that port 2375 has been successfully enabled, indicating that remote access to Docker on the node is working.

However, when Portainer accesses this node by IP, you need to consider whether a firewall in the network blocks this port. The Nmap tool can check whether the node's port is reachable. I go back to the command terminal of the Portainer system and run Nmap; the command is as follows

nmap -p 2375 xxx.xxx.xxx.xxx

After the command is executed, whether 2375 is enabled is displayed, as shown in the following figure

In the figure above, you can see that port 2375 of the node is enabled and can be connected.
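A defensive check for the option added in 4.2, as an added example that is not part of the original article: it parses a dockerd command line and reports every TCP listener that would be served without TLS client verification, which is the condition the docker info warning refers to. The function names, the sample lines, the certificate paths and port 2376 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag dockerd TCP listeners that lack TLS client verification.

# audit_exec_start LINE: print one finding per tcp:// listener in a dockerd
# command line; return 1 if any listener is plaintext, 0 otherwise.
# Only the bare --tlsverify flag is recognised as enabling verification.
audit_exec_start() {
    line=$1 rc=0 tls=no prev=
    case " $line " in *" --tlsverify "*) tls=yes ;; esac
    set -f                                   # no globbing while word-splitting
    for word in $line; do
        host=
        case "$prev" in
            -H|--host) host=$word ;;         # "-H ADDR" / "--host ADDR"
            *) case "$word" in --host=*) host=${word#--host=} ;; esac ;;
        esac
        prev=$word
        case "$host" in tcp://*) ;; *) continue ;; esac
        addr=${host#tcp://}
        if [ "$tls" = yes ]; then
            echo "OK $addr (client certificate required)"
        else
            scope=limited
            case "$addr" in 0.0.0.0:*|:*|"[::]":*) scope=all-interfaces ;; esac
            echo "EXPOSED $addr ($scope, no --tlsverify)"
            rc=1
        fi
    done
    set +f
    return $rc
}

# audit_unit_file FILE: audit the ExecStart= line of a systemd unit file.
audit_unit_file() {
    audit_exec_start "$(sed -n 's/^ExecStart=//p' "$1")"
}

# Constructed inputs: the options from section 4.2, and a variant using
# dockerd's TLS flags (certificate paths and port 2376 are assumptions).
WEAK='/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
HARDENED='/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock'

audit_exec_start "$WEAK" || true   # EXPOSED 0.0.0.0:2375 (all-interfaces, no --tlsverify)
audit_exec_start "$HARDENED"       # OK 0.0.0.0:2376 (client certificate required)
```

On a node, audit_unit_file /usr/lib/systemd/system/docker.service runs the same check against the file edited in 4.2.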

4.4 Adding a Node Is Complete

Next, go back to the browser window, as shown below

In the page shown in the figure above, fill in the IP address and port of the node in URL form, and then click the “Add endpoint” button to add the node. A prompt is shown when the node is added successfully, as shown in the figure below

As you can see in the image above, the Portainer system indicates that the node has been successfully added and that the node is now visible in the node list.

5. Deploy containers

With the nodes added, I’m ready to deploy my container on the remote node.

5.1 Deploying a Container

Go back to the Portainer home page, where you can see the node information you just added, as shown in the figure below

Select the node you just added in the image above, and then go to the Container menu option to see a list of containers for this node, as shown in the image below

At the top of the list on the page shown above is the Add Container button, which jumps to the Add Container details page

In the page shown above, you need to fill in the address of the Docker image. Here, I randomly selected an Nginx image and mapped port 8888 of the host to port 80 of the container. After submitting this information, the Portainer system will tell you whether the container ran successfully, as shown below

In the figure above, we can see that the container has been successfully run and jumped to the container list. Next, we can access port 8888 corresponding to this node to verify that the service is available.

Open your browser and enter the URL http://xxx.xxx.xxx.xxx:8888/ in the address bar. The result returned after the access is shown in the figure below

You can see in the figure above that the Nginx service is running successfully.

5.2 Deploying docker-compose

In addition to deploying containers on the container list page, the Portainer system also supports deployment using docker-compose, which is called Stacks in the Portainer system. Select this item in the menu bar to enter the docker-compose service list, as shown in the following figure

Click the Add Stack button at the top of the list to Add the Docker-compose service, as shown below

In the page shown above, I will be asked to fill in the docker-compose information. Here I have prepared a docker-compose configuration for Redis service, and the configuration code is shown below

version: '3.5'
services:
  redis:
    image: "redis:latest"
    container_name: redis_test
    command: redis-server
    ports:
      - "16379-16379"

After the configuration above is filled into the page and submitted, Portainer deploys the docker-compose service on the corresponding node, as shown in the figure below

Once the deployment is successful, you can see the deployed service in the Stacks list, and you can also click on the service name in the list to view and modify it on the details page, as shown below

In the figure above, you can see exactly what containers the service runs on, and you can terminate or delete them.

This article is only a preliminary study of Portainer; more details remain to be explored.


About the author

Author: Tang Qingsong

WeChat: songboy8888

Date: 2021-04-10