
Launching RancherOS on VirtualBox/AWS with Vagrant

Overview

I wanted to try out RancherOS. These are my notes.

What is RancherOS?

An OS specialized for running containers.
http://rancher.com/rancher-os/

Running the management tool Rancher on top of it makes it even more convenient.
http://rancher.com/rancher/

in VirtualBox

Vagrantfile

Let's start Rancher on RancherOS.

Vagrant.configure(2) do |config|
  # https://app.vagrantup.com/MatthewHartstonge/boxes/RancherOS
  config.vm.box = "MatthewHartstonge/RancherOS"
  config.vm.guest = :linux

  config.ssh.forward_agent = true

  config.vm.define "RancherOS" do |machine|
    # machine.vm.hostname = "RancherOS"
    #machine.vm.network "private_network", ip: "192.168.33.10"
    machine.vm.network "forwarded_port", guest: 8080, host: 8080

    machine.vm.provider :virtualbox do |vb|
      vb.customize [
        "modifyvm", :id,
        "--hwvirtex", "on",
        "--nestedpaging", "on",
        "--largepages", "on",
        "--memory", "2048",
        "--cpus", "2",
        "--ioapic", "on",
        "--pae", "on",
        "--paravirtprovider", "kvm"
      ]
    end

    if ARGV[0] == "up" || ARGV[0] == "provision" then
      machine.vm.provision :shell do |shell|
        shell.inline = "sudo docker run -d --restart=unless-stopped -p 8080:8080 rancher/server"
        shell.privileged = false
      end
    end
  end
end

Startup

$ vagrant up
Bringing machine 'RancherOS' up with 'virtualbox' provider...
==> RancherOS: Importing base box 'MatthewHartstonge/RancherOS'...
==> RancherOS: Matching MAC address for NAT networking...
==> RancherOS: Checking if box 'MatthewHartstonge/RancherOS' is up to date...
==> RancherOS: Setting the name of the VM: vagrant-rancheros_RancherOS_1499650771860_13108
==> RancherOS: Clearing any previously set network interfaces...
==> RancherOS: Preparing network interfaces based on configuration...
    RancherOS: Adapter 1: nat
==> RancherOS: Forwarding ports...
    RancherOS: 8080 (guest) => 8080 (host) (adapter 1)
    RancherOS: 22 (guest) => 2222 (host) (adapter 1)
==> RancherOS: Running 'pre-boot' VM customizations...
==> RancherOS: Booting VM...
==> RancherOS: Waiting for machine to boot. This may take a few minutes...
    RancherOS: SSH address: 127.0.0.1:2222
    RancherOS: SSH username: rancher
    RancherOS: SSH auth method: private key
    RancherOS:
    RancherOS: Vagrant insecure key detected. Vagrant will automatically replace
    RancherOS: this with a newly generated keypair for better security.
    RancherOS:
    RancherOS: Inserting generated public key within guest...
    RancherOS: Removing insecure key from the guest if it's present...
    RancherOS: Key inserted! Disconnecting and reconnecting using new SSH key...
==> RancherOS: Machine booted and ready!
==> RancherOS: Running provisioner: shell...
    RancherOS: Running: inline script
==> RancherOS: Unable to find image 'rancher/server:latest' locally
==> RancherOS: latest: Pulling from rancher/server
==> RancherOS: Digest: sha256:17b7d7b3fba08cfcd3111f987e7ead9f7dc5d453be975c9dc291ffdee9a86261
==> RancherOS: Status: Downloaded newer image for rancher/server:latest
==> RancherOS: 3ab1de3a9d18f819840607e3a1fe4517e717e4b18c469071bc73b584c38c9818

$ vagrant ssh
[rancher@rancher ~]$

Adding a host

The idea is roughly to start the agent and register it with Rancher.

Check the IP

The IP that looks reachable is 10.0.2.15.

$ vagrant ssh
[rancher@rancher ~]$ ifconfig
docker-sys Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:172.18.42.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::cb6:f4ff:fe3d:8858/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:76 (76.0 B)  TX bytes:258 (258.0 B)

docker0   Link encap:Ethernet  HWaddr 02:42:90:35:E5:89
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:90ff:fe35:e589/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1442320 (1.3 MiB)  TX bytes:2859314 (2.7 MiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:1D:66:8C
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe1d:668c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:254872 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12941 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:366678403 (349.6 MiB)  TX bytes:2468273 (2.3 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

veth0046a0e Link encap:Ethernet  HWaddr 86:68:CC:DC:42:E5
          inet6 addr: fe80::8468:ccff:fedc:42e5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2042 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1459512 (1.3 MiB)  TX bytes:2860382 (2.7 MiB)

Set the above IP from the UI

Set the above IP at the following URL.
http://localhost:8080/admin/settings

Start the agent

INFRASTRUCTURE -> Hosts -> Add Host

In the field labelled "Specify the public IP that should be registered for this host", enter the reachable IP.

Copy the command shown under "Copy, paste, and run the command below to register the host with Rancher:" and run it inside RancherOS.

[rancher@rancher ~]$ sudo docker run -e CATTLE_AGENT_IP="10.0.2.15"  --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.5 http://10.0.2.15:8080/v1/scripts/7714B7F27FCC3CCF0A85:1483142400000:b6PgCpQkoW4UJv8zS0xONywvSI
Unable to find image 'rancher/agent:v1.2.5' locally
v1.2.5: Pulling from rancher/agent
b3e1c725a85f: Pull complete
4daad8bdde31: Pull complete
63fe8c0068a8: Pull complete
4a70713c436f: Pull complete
bd842a2105a8: Pull complete
3f7d6fd71888: Pull complete
16914729cfd3: Pull complete
d34b76ed901e: Pull complete
80ff31d61b2d: Pull complete
Digest: sha256:4cec4c6093d04c87375c2ff580d77e5857be19999ee098bea1d4084b734df989
Status: Downloaded newer image for rancher/agent:v1.2.5

INFO: Running Agent Registration Process, CATTLE_URL=http://10.0.2.15:8080/v1
INFO: Attempting to connect to: http://10.0.2.15:8080/v1
INFO: http://10.0.2.15:8080/v1 is accessible
INFO: Inspecting host capabilities
INFO: Boot2Docker: false
INFO: Host writable: true
INFO: Token: xxxxxxxx
INFO: Running registration
INFO: Printing Environment
INFO: ENV: CATTLE_ACCESS_KEY=E1F01CF69D345E5F219D
INFO: ENV: CATTLE_AGENT_IP=10.0.2.15
INFO: ENV: CATTLE_HOME=/var/lib/cattle
INFO: ENV: CATTLE_REGISTRATION_ACCESS_KEY=registrationToken
INFO: ENV: CATTLE_REGISTRATION_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_URL=http://10.0.2.15:8080/v1
INFO: ENV: DETECTED_CATTLE_AGENT_IP=172.17.0.1
INFO: ENV: RANCHER_AGENT_IMAGE=rancher/agent:v1.2.5
INFO: Launched Rancher Agent: ad05db778c1c9a674033ee24a72dda3c81a7ae5b083a083f0bdd3d40d642930d

Successfully added.
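
The two `docker run` commands used so far (the provisioner's rancher/server and the agent registration) can be checked for what they expose before they are run. The following Ruby script is an added example, not part of the original article or of Rancher; the flag table and finding texts are assumptions of this example, and the registration token is replaced by a placeholder.

```ruby
require "shellwords"

# docker run flags that take the next word as their value (those used on this page).
VALUE_FLAGS = %w[-e -v -p --name --restart].freeze

# Constructed samples: the two commands from this page, with the registration
# token replaced by a placeholder.
SERVER_CMD = "sudo docker run -d --restart=unless-stopped -p 8080:8080 rancher/server"
AGENT_CMD  = 'sudo docker run -e CATTLE_AGENT_IP="10.0.2.15" --rm --privileged ' \
             "-v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher " \
             "rancher/agent:v1.2.5 http://10.0.2.15:8080/v1/scripts/REGISTRATION_TOKEN"

# Split a `docker run` command line into options, image and trailing arguments.
def parse_docker_run(cmdline)
  words = Shellwords.split(cmdline)
  words.shift while words.first && words.first != "run" # drop "sudo docker"
  words.shift                                           # drop "run"
  opts = Hash.new { |hash, key| hash[key] = [] }
  while words.first&.start_with?("-")
    flag, inline = words.shift.split("=", 2)
    opts[flag] << (inline || (VALUE_FLAGS.include?(flag) ? words.shift : true))
  end
  { opts: opts, image: words.shift.to_s, args: words }
end

# Return the exposure findings for one command line (empty list: nothing flagged).
def audit_docker_run(cmdline)
  cmd = parse_docker_run(cmdline)
  opts = cmd[:opts]
  findings = []
  findings << "runs --privileged" if opts.key?("--privileged")
  if opts["-v"].any? { |v| v.start_with?("/var/run/docker.sock:") }
    findings << "mounts docker.sock (container controls the host daemon)"
  end
  opts["-p"].each do |p|
    findings << "publishes #{p} on all interfaces" if p.count(":") < 2
  end
  unless cmd[:image].include?("@sha256:")
    tag = cmd[:image][/:([^\/:]+)\z/, 1]
    findings << (tag ? "image pinned by tag only (#{tag})" : "image untagged, resolves to latest")
  end
  findings << "URL argument over plain HTTP" if cmd[:args].any? { |a| a.start_with?("http://") }
  findings
end

if __FILE__ == $PROGRAM_NAME
  [SERVER_CMD, AGENT_CMD].each { |c| puts c, audit_docker_run(c).map { |f| "  - #{f}" } }
end
```

A command that publishes on `127.0.0.1:8080:8080` and references the image by `@sha256:` digest produces no findings.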


Verifying operation

Start nginx via docker-compose as a quick test

Add port forwarding to the Vagrantfile

Append the following:

machine.vm.network "forwarded_port", guest: 80, host: 10080

Start nginx

$ vagrant halt
$ vagrant up
$ vagrant ssh
[rancher@rancher ~]$ docker run --name my-nginx -d -p 80:80 nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
e6e142a99202: Pull complete
c5b776fbdd26: Pull complete
1128674f0003: Pull complete
Digest: sha256:8e2645484fe09122ea8aef7a186658082a860312d47fa51675cbf21d1b4b901a
Status: Downloaded newer image for nginx:latest
94d1a5de6e23425e0b2eee980d317424596102e1d6c94c42665e7a856c51555b
[rancher@rancher ~]$ docker ps | grep my-nginx
94d1a5de6e23        nginx:latest                     "nginx -g 'daemon ..."   30 seconds ago      Up 29 seconds       0.0.0.0:80->80/tcp     my-nginx

It can also be confirmed from the web UI.

Checking connectivity to nginx

Access http://localhost:10080/.
The familiar screen, right?

Impressions

It runs fairly easily... I think.

in AWS

Preparation

This setup uses vagrant-aws and dotenv, so install them if you have not already.

vagrant plugin install dotenv vagrant-aws

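How to use vagrant-aws is not covered here, but you need to prepare an access token with permissions for VPC and EC2 and the like, and a security group that suitably allows access to the required ports.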

.env

The access token and related settings are collected in a .env file. Place it in the same folder as the Vagrantfile shown below.

# For SSH configs
SSH_KEY=${HOME}/.ssh/id_rsa

# For EC2 configs
EC2_ACCESS_KEY_ID="AAAAAAAAAAAAAAAAAAAA"
EC2_SECRET_ACCESS_KEY="0123abcccccccccccccccccccccccccccccccccc"
# EC2_KEYPAIR: name of the SSH key pair registered in EC2 beforehand
EC2_KEYPAIR="予めEC2に登録しておいたSSHキー名"
EC2_SECURITY_GROUP="sg-000000aa"

# For VPC configs
VPC_ID="vpc-000000aa"
VPC_SUBNET_ID="subnet-000000aa"
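
Because this .env holds the AWS secret key in plain text next to the Vagrantfile, it is worth checking the file before every `vagrant up`. The following Ruby check is an added example, not part of the original article or of vagrant-aws/dotenv; the function names and the choice of checks (file mode, .gitignore entry, required keys) are assumptions of this example.

```ruby
# Keys the AWS Vagrantfile on this page reads from ENV.
REQUIRED_KEYS = %w[SSH_KEY EC2_ACCESS_KEY_ID EC2_SECRET_ACCESS_KEY
                   EC2_KEYPAIR EC2_SECURITY_GROUP VPC_SUBNET_ID].freeze

# Minimal KEY=VALUE reader: skips comments and blank lines, strips quotes.
def read_env_file(path)
  File.readlines(path, chomp: true).each_with_object({}) do |line, env|
    next if line.strip.empty? || line.lstrip.start_with?("#")
    key, value = line.split("=", 2)
    env[key.strip] = value.to_s.strip.gsub(/\A["']|["']\z/, "")
  end
end

# Return a list of problems; an empty list means the file is fit to use.
def check_env_file(path)
  return ["#{path} does not exist"] unless File.file?(path)
  name = File.basename(path)
  problems = []
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077).nonzero?
    problems << format("%s has mode %04o, readable by group/others", name, mode)
  end
  gitignore = File.join(File.dirname(path), ".gitignore")
  ignored = File.file?(gitignore) &&
            File.readlines(gitignore, chomp: true).map(&:strip).include?(name)
  problems << "#{name} is not listed in .gitignore" unless ignored
  env = read_env_file(path)
  missing = REQUIRED_KEYS.select { |k| env[k].to_s.empty? }
  problems << "missing or empty: #{missing.join(', ')}" unless missing.empty?
  problems
end

# In the Vagrantfile, before Dotenv.load (hypothetical wiring):
#   problems = check_env_file(File.join(__dir__, ".env"))
#   abort(problems.join("\n")) unless problems.empty?
```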

Vagrantfile

I looked up the AMI ID around here.

For some reason it would not boot on t2.nano. Something to watch out for.

# load .env
Dotenv.load

Vagrant.configure(2) do |config|
  machine_name  = [ 
    "RancherOS",
  ]
  machine_size   = 
  { 
    "RancherOS" => "t2.micro", # https://aws.amazon.com/jp/ec2/pricing/on-demand/
  }

  config.vm.guest = :linux

  config.ssh.username         = "rancher"
  config.ssh.private_key_path = ENV['SSH_KEY']
  config.vm.box               = 'dummy'
  config.vm.box_url           = 'https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box'

  machine_name.each do |machine|
    config.vm.define "#{machine}" do |config|
      config.vm.provider :aws do |provider, override|
        provider.instance_type   = machine_size[machine]
        provider.region          = "ap-northeast-1"
        provider.ami             = "ami-8bb1a7ec"
        provider.subnet_id       = ENV['VPC_SUBNET_ID']
        provider.security_groups = ENV['EC2_SECURITY_GROUP']

        provider.access_key_id     = ENV['EC2_ACCESS_KEY_ID']
        provider.secret_access_key = ENV['EC2_SECRET_ACCESS_KEY']
        provider.keypair_name      = ENV['EC2_KEYPAIR']

        # Needed in order to use sudo
        # provider.user_data = "#!/bin/sh\nsed -i 's/^.*requiretty/#Defaults requiretty/' /etc/sudoers\n"

        override.vm.synced_folder "./", "/vagrant", type: "rsync"

        if ARGV[0] == "up" || ARGV[0] == "provision" then
          override.vm.provision :shell do |shell|
            shell.inline = "sudo docker run -d --restart=unless-stopped -p 8080:8080 rancher/server"
            shell.privileged = false
          end
        end
      end
    end
  end
end

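Startup and configuration

Run vagrant up as usual and, if it is in a good mood, it starts.

Adding a host works the same way as in the VirtualBox section above, so it is omitted here.

Impressions

This time I just wanted to build it and try it out, so I am satisfied. Next time I would like to experience the convenience of things like private catalogs.
Rancher private catalog and Compose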
