Recently, when using Rancher 2.5.5 to deploy Redis master-slave replication, we found that Rancher generates many iptables rules, which made it impossible to use Redis master-slave replication on the machine where Rancher was deployed. My understanding of Rancher and k8s was limited to the network architecture and everyday use, and I had not gone deep into the underlying layers, so the network conflict could not be solved in a short time.
Therefore, I switched Docker management from Rancher to Portainer. Portainer is comparatively lightweight, although building it still took several hours of learning. Now I will retrace the whole process for your reference.
2、 Operation steps
3、 Installing Portainer
There are many ways to install Portainer, but I always like to use the simplest way to do what I need to do, so here I will use Docker to build it.
3.1 docker deployment
Deploying with Docker is very simple. You only need to execute a single command to run the container. The command is as follows.
docker run -d \
  -p 9000:9000 \
  -p 8000:8000 \
  --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /opt/docker/portainer-ce/data:/data \
  --name portainer-ce portainer/portainer-ce
The command maps ports 8000 and 9000 of the physical machine to ports 8000 and 9000 of the container. At the same time, the host's Docker communication file /var/run/docker.sock is also mapped into the container, and, for persistence, the host directory /opt/docker/portainer-ce/data is mapped to /data in the container. After the command is executed, the returned result is as shown in the figure below
As you can see in the figure above, a Docker container has been started successfully. Next, I need to verify whether the service is running normally by opening the URL http://127.0.0.1:9000/ in the browser. The results are as follows
In the figure above, you can see that the Portainer system is reachable, indicating that it has been installed successfully.
3.2 node initialization
Now I need to set the administrator's account and password. Here I simply fill in the password and confirm the password, and then click the Create user button to create an administrator account.
After the administrator account is set, Portainer needs to be initialized, as shown in the figure below
In the figure above, there are three options. I choose to have Portainer manage the local Docker program. Click the Connect button to complete the initialization.
3.3 function exploration
After completing the initialization, you can enter the Portainer working interface, as shown in the figure below
In the figure above, you can see that Portainer already has a local node. Click it to enter node management, as shown in the figure below
As you can see in the figure above, Portainer lists the local node's stacks, container information, image information, disk information, network information and so on. Here I click the Containers block at random, and you can see the list of containers, as shown in the figure below
In the figure above, you can see that there are two containers in the container list, as well as the running status of the containers. You can also control these containers.
4、 Management node
Now I can control the local docker, but I am not satisfied with this. I need to control other machines as well.
4.1 start adding nodes
Portainer has an Endpoints menu, in which you can add multiple nodes, as shown in the figure below
As you can see in the figure above, there is already one local node, and at the top of the list there is an Add endpoint button. Click the button to go to the details page for adding nodes, as shown in the figure below
As you can see in the figure above, there are five options. Here I choose the simplest way to use
4.2 open API control
This method needs to add parameters to the docker startup program of the node, so I need to log in to the node server first. The command to log in to the server by SSH is as follows
After the command is executed, return as shown in the figure below
In the figure above, you can see that you have entered the server where the node is located. Next you need to edit the configuration file that starts Docker. The command is as follows
After the command is executed, you can modify the configuration in the VIM editing interface, as shown in the figure below
Add the remote access startup parameters to the Docker startup command line. The parameters are as follows
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Copy these parameters so that they follow the /usr/bin/dockerd program, as shown in the figure below
After saving the configuration file, you need to restart the Docker service. The command to restart Docker is as follows
systemctl daemon-reload && systemctl restart docker
After Docker is restarted, if everything is normal, this step is finished.
4.3 verify port status
To view the configuration information of docker, the command is as follows
After the command is executed, the returned information is shown in the figure below
As you can see in the figure above, Docker gives me a warning that there is a security risk when remote access is turned on. I will ignore it for the moment, but this prompt indicates that remote access is turned on.
In addition, you can check whether it was opened successfully by listing the open ports. The command is as follows
After the command is executed, the open ports of the current host will be returned, as shown in the figure below
In the figure above, you can see that port 2375 has been opened successfully, which indicates that the node itself has opened the Docker port.
However, when Portainer accesses this node through its IP address, you should consider whether a firewall in the network will block this port. The nmap tool can be used to detect whether the port of the node can be reached. Now I go back to the command terminal of the Portainer system and use nmap to check. The command is as follows
nmap -p 2375 xxx.xxx.xxx.xxx
After the command is executed, it reports whether port 2375 is open. The execution result is shown in the figure below
In the figure above, you can see that port 2375 on the node is open and can be connected to.
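The -H tcp://0.0.0.0:2375 parameter from section 4.2 publishes the Docker API without TLS or authentication, which is what the warning in section 4.3 refers to. The script below is an added example, not part of the original article: classify_dockerd is a hypothetical helper that classifies a dockerd command line, the sample lines are constructed, and the certificate paths in the TLS variant are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a dockerd command
# line exposes the Docker API. classify_dockerd is a hypothetical helper name.

classify_dockerd() {
    # $1: dockerd command line, e.g. the ExecStart= value of docker.service
    tls=no; tcp=none; want_host=no
    set -f                                  # no globbing while splitting words
    for word in $1; do
        if [ "$want_host" = yes ]; then
            host=$word; want_host=no        # value of a preceding -H/--host
        else
            case "$word" in
                -H|--host)                    want_host=yes; continue ;;
                -H=*|--host=*)                host=${word#*=} ;;
                --tlsverify|--tlsverify=true) tls=yes; continue ;;
                *)                            continue ;;
            esac
        fi
        case "$host" in
            tcp://127.*|tcp://localhost*)
                if [ "$tcp" = none ]; then tcp=loopback; fi ;;
            tcp://*) tcp=network ;;
        esac
    done
    set +f
    if [ "$tcp" = network ] && [ "$tls" = no ]; then
        echo "exposed"          # anyone who can reach the port controls Docker
    elif [ "$tcp" = network ]; then
        echo "tls"              # remote API, client certificate required
    elif [ "$tcp" = loopback ]; then
        echo "loopback-only"    # TCP listener reachable from this host only
    else
        echo "local-only"       # unix socket / fd:// only
    fi
}

# Constructed sample lines: the parameters from section 4.2, a TLS variant
# (certificate paths are placeholders), and a socket-only daemon.
LINE_PAGE='/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
LINE_TLS='/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock'
LINE_SOCK='/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock'

for line in "$LINE_PAGE" "$LINE_TLS" "$LINE_SOCK"; do
    printf '%-14s %s\n' "$(classify_dockerd "$line")" "$line"
done
```

A node classified as "exposed" should either move to the TLS form or have port 2375 restricted by firewall to the Portainer host's address.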
4.4 add nodes
Next, return to the browser window, as shown in the figure below
In the web page shown in the figure above, fill in the IP address and port of the node in the form of a URL, and then click the Add endpoint button to add the node. If the node is added successfully, there will be a corresponding prompt, as shown in the figure below
In the figure above, you can see that Portainer reports that the node has been added successfully, and you can see this node in the node list.
5、 Deployment container
After adding nodes, I am ready to deploy my container on the remote node.
5.1 deploying a single container
Back on the Portainer home page, you can see the node just added, as shown in the figure below
Select the node just added in the figure above, and then enter the Containers menu option to see the container list of this node, as shown in the figure below
At the top of the list on the page shown above is an Add container button. Click this button to go to the add container details page
In the page shown in the figure above, you need to fill in the Docker image address. Here I select an nginx image at random, and map port 8888 of the host to port 80 of the container. After submitting this information, Portainer will tell you whether the container runs successfully, as shown in the figure below
In the figure above, we can see that the container has run successfully and the page jumps to the container list. Next, we can visit port 8888 on this node to verify whether the service is available
Open the browser and enter the URL http://xxx.xxx.xxx.xxx:8888/ in the address bar. After accessing it, the returned result is as shown in the figure below
In the figure above, you can see that the nginx service is running successfully.
5.2 deploying docker compose
In addition to deploying containers from the container list page, Portainer also supports deployment in the form of docker-compose, which it calls stacks. Select this item in the menu bar to enter the list of docker-compose services, as shown in the figure below
At the top of the list is an Add stack button. Click this button to add a docker-compose service, as shown in the figure below
In the page shown in the figure above, I am asked to fill in the docker-compose information. Here I have prepared a redis service. The docker-compose configuration is as follows
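version: '3.5'
services:
  redis:
    image: "redis:latest"
    container_name: redis_test
    command: redis-server
    ports:
      # redis-server listens on 6379 inside the container by default,
      # so host port 16379 is mapped to container port 6379
      - "16379:6379"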
After the configuration is filled in on the page and submitted, Portainer deploys the docker-compose service on the corresponding node, as shown in the figure below
After successful deployment, you can see the deployed service in the stacks list. You can also click the service name in the list to enter the details page to view and modify it, as shown in the figure below
In the figure above, you can see which containers this service runs, and you can also terminate or delete them.
This article is only a preliminary study of Portainer; more details still need to be explored.
About the author
Author: Tang Qingsong
Date: April 10, 2021