If you want to know how to build your own private cloud infrastructure, we’ll explain exactly how that’s done using Rancher and Docker. In this step-by-step tutorial, we’re going to walk you through the exact process K&C’s DevOps consultants use to build a private cloud in a data centre using a Docker and Rancher stack.
Why Build A Private Cloud?
A hybrid cloud setup that splits workloads between public and private clouds is increasingly common. That’s especially the case at the Enterprise level where data sensitivity, compliance regulations and other security concerns often mean certain loads simply cannot use a public cloud facility.
But there are a number of other reasons why a private cloud facility may be either a necessity or preference. For a DevOps software development team, a private cloud may be used as a development and testing environment as part of a CI/CD pipeline.
Private clouds can also be used to keep legacy applications running when it doesn’t make sense to update them for compatibility with a public cloud platform. A private cloud can also be fully customised to optimally run specific workloads, especially those involving big data.
Whatever your reasons for building a private cloud environment (for us at K&C, it is mainly a development and testing stage in a DevOps CI/CD pipeline), this step-by-step tutorial should provide a great starting point. You will need a solid foundational knowledge of Docker and Rancher to build your own private cloud, even with the guidance of the instructions below.
How to build your private cloud on Rancher and Docker
We will use the following cloud-native tech stack to build our data centre-based private cloud:
- Named (round-robin) — Balancing by DNS
- NGINX — web server for proxying requests for a web application
- Docker — software for automation of application deployment and management within the virtualization environment at the operating system level
- Docker-compose — a tool for starting and connecting to multiple Docker containers
- Docker registry — software for storing Docker images
- Rancher — Rancher Labs software that allows for easy deployment and management of containers within any organization operating on any infrastructure
- Rancher compose — operates on the principle of Docker compose, serves for activation of the Rancher functions
- Consul — a utility for Service Discovery and Key/Value Storage
- Jenkins — a continuous integration tool written in Java
Building your basic cloud infrastructure
To build the basic infrastructure (without NA), we will need the following:
| Name | IP | DNS |
|---|---|---|
| WebServer | 192.168.11.140 | web.cloud.infra |
| CloudMaster | 192.168.11.72 | master1.cloud.infra |
| CloudClient1 | 192.168.11.73 | ci1.cloud.infra |
| CloudClient2 | 192.168.11.132 | ci2.cloud.infra |
* The IPs shown were taken from a real system and are required to match screenshots.
RANCHER OPERATION SCHEME
1. Setting up a local DNS
The cloud is built within our own network, so we create a separate DNS zone for it.
Edit the configuration file named:
nano /etc/named/cloud.zones
zone "cloud.infra" { type master; file "/var/named/master/cloud.infra"; };
Now create a zone file:
nano /var/named/master/cloud.infra
$TTL 3600
@       IN SOA  ns.cloud.infra. hostmaster.cloud.com. (
                2015111800 ; Serial
                28800      ; Refresh
                7200       ; Retry
                604800     ; Expire
                3600 )     ; Default Minimum TTL
        IN NS   ns.cloud.infra.
; ns.cloud.infra. also needs an A record in this zone (the DNS server's address is not given on this page)
master1 A 192.168.11.72
ci1     A 192.168.11.73
ci2     A 192.168.11.132
web     A 192.168.11.140
And restart Named
service named restart
2. Setting up a master server
DNS has been set up, so proceed to create a master server.
The master server will accommodate:
– Rancher-server
– Consul-server
– Jenkins
Start up the container with Rancher
sudo docker run -d --restart=always -p 8080:8080 rancher/server
Our Rancher server is available at https://master1.cloud.infra:8080.
Let’s set up authorization:
1. Admin -> Access Control
2. Select LOCAL
3. Add a new user
Set up environments:
1. Go to the tab: Default
2. Click: Add Environment
3. Select: Cattle
4. Type the name and add users
Setting up your own registry
1. Go to the tab Infrastructure -> Registries
2. Select: Custom
3. Insert your values
Create an API key
1. Go to the tab: API
2. Generate and write down your values
Let’s finish with Rancher for the time being and come back to it when setting up clients
Start up the container with consul-server
docker run -d -p 8500:8500 -p 53:8600/udp -p 400:8400 -p 8300:8300 -p 8301:8301 -p 8302:8302 --name=consul gliderlabs/consul-server -bootstrap
Consul is (will be) available at https://master1.cloud.infra:8500
Start Jenkins
docker run -d -p 32769:8080 jenkins
Jenkins is (will be) available at https://master1.cloud.infra:32769
3. Setting up clients
Start up two Docker containers on CloudClient1 and CloudClient2
– Rancher client
– Consul registrator
To start Rancher client, go to Rancher master:
1. Go to Infrastructure -> Hosts
2. And click: Add Host
3. Enter the external IP of the server in item 4
4. Copy the content from item 5
Start up containers with Rancher and Consul on CloudClient1
sudo docker run -e CATTLE_AGENT_IP="192.168.11.73" -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.0.2 http://master1.cloud.infra:8080/v1/scripts/E0EC8B33530A5512C0C7:q2qdFb3XY4
docker run -d -v /var/run/docker.sock:/tmp/docker.sock gliderlabs/registrator -ip 192.168.11.73 consul://192.168.11.72:8500
Do the same on CloudClient2 but change the IP addresses
sudo docker run -e CATTLE_AGENT_IP="192.168.11.132" -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.0.2 http://master1.cloud.infra:8080/v1/scripts/E0EC8B33530A5512C0C7:1473764400000:jq2qdFb3XY4
docker run -d -v /var/run/docker.sock:/tmp/docker.sock gliderlabs/registrator -ip 192.168.11.132 consul://192.168.11.72:8500
If everything has been successfully completed, then we will see our servers in Rancher
* Please, ignore the launched services
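The containers in steps 2 and 3 are started with a privileged agent, the Docker socket mounted, and ports published without a bind address. As an added example (not part of the original tutorial), the shell function below lists those settings for one `docker run` line; `audit_docker_run` is a hypothetical name and it only understands the value-taking flags used on this page (-e, -p, -v).

```shell
#!/bin/sh
# Added example: report risky settings in a single `docker run` command line.
audit_docker_run() {
    set -f              # split the line into words without glob expansion
    set -- $1
    set +f
    prev="" seen_run=0 image=""
    for word in "$@"; do
        if [ "$seen_run" -eq 0 ]; then      # skip "sudo docker" up to "run"
            if [ "$word" = "run" ]; then seen_run=1; fi
            continue
        fi
        if [ -n "$image" ]; then break; fi  # the rest are arguments to the image
        case "$prev" in
            -p) case "$word" in
                    *:*:*) ;;               # ip:host:container, one address only
                    *:*)   echo "port ${word%%:*} published on all interfaces" ;;
                esac ;;
            -v) case "$word" in
                    /var/run/docker.sock:*) echo "Docker socket mounted into container" ;;
                esac ;;
        esac
        if [ -n "$prev" ]; then prev=""; continue; fi
        case "$word" in
            -p|-v|-e)     prev=$word ;;
            --privileged) echo "container runs privileged" ;;
            -*)           ;;                # -d, --restart=always, --name=consul, ...
            *)            image=$word ;;
        esac
    done
    if [ -z "$image" ]; then return 0; fi
    case "${image##*/}" in
        *:*) ;;
        *)   echo "image $image has no tag (resolves to :latest)" ;;
    esac
}

# The commands from steps 2 and 3 (registration token replaced by a placeholder).
while IFS= read -r line; do
    printf '%s\n' "$line"
    audit_docker_run "$line" | sed 's/^/  - /'
done <<'EOF'
sudo docker run -d --restart=always -p 8080:8080 rancher/server
docker run -d -p 32769:8080 jenkins
sudo docker run -e CATTLE_AGENT_IP="192.168.11.73" -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.0.2 http://master1.cloud.infra:8080/v1/scripts/REGISTRATION_TOKEN
docker run -d -v /var/run/docker.sock:/tmp/docker.sock gliderlabs/registrator -ip 192.168.11.73 consul://192.168.11.72:8500
EOF
```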
4. Setting up a project
To create a project in Rancher, you need to create a docker-compose v1 file, add data obtained from the API, and download Rancher-compose.
* Rancher does not build projects from a Dockerfile; it pulls their images from the registry. For this reason, build the image either locally or on any host.
Create a homepage project:
nano docker-compose-rancher.yml
homepage:
  image: registry.cloud.infra/homepage
  ports:
    - "3000"
  links:
    - mongo
  environment:
    - MONGO_URL=mongodb://mongo:27017/homepage-dev
    - ROOT_URL=http://localhost
    - MAIL_URL=smtp://some.mailserver.com:25
  labels:
    io.rancher.container.pull_image: always
mongo:
  image: mongo:3.2.6
  command: mongod --smallfiles
  volumes:
    - /srv/docker/homepage/mongo:/data/db
  labels:
    io.rancher.container.pull_image: always
Also, create a simple build script
nano new.sh
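#!/bin/bash
# Build or run the homepage image; the name must match the image in docker-compose-rancher.yml
IMAGE_NAME="registry.cloud.infra/homepage"

case "${1}" in
    --build | -b )
        # Rebuild from scratch so stale cached layers are never shipped
        docker build --no-cache --rm -t "${IMAGE_NAME}" .
        ;;
    --run | -r )
        docker run -d -P -t "${IMAGE_NAME}"
        ;;
    --help | -h )
        printf "usage: %s [arg]\n--build,-b\tBuild image\n--run,-r\tRun\n" "${0}"
        ;;
    * )
        printf "Print %s --help for help\n" "${0}"
        ;;
esac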
Export global variables
export RANCHER_URL='https://master1.cloud.infra:8080/v1/'
export RANCHER_ACCESS_KEY='access'
export RANCHER_SECRET_KEY='secret'
And download Rancher-compose (Link in the bottom right-hand corner in Rancher)
Add the project to Rancher
rancher-compose --file docker-compose-rancher.yml create
Start the project
rancher-compose --file docker-compose-rancher.yml up -d
If everything has been successfully completed, then we will see the following in Rancher:
We will also see the following in Consul:
5. Setting up a WEB server
Install NGINX and download consul-template
yum install nginx
wget https://releases.hashicorp.com/consul-template/0.15.0/
Create a Consul-template for NGINX
nano /etc/nginx/conf.d/homepage.ctmpl
server {
    listen 80;
    server_name homepage.cloud.infra;
    client_max_body_size 4M;
    proxy_cache one;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        {{range service "homepage-3000" }}
        proxy_pass http://{{.Address}}:{{.Port}};{{end}}
        proxy_read_timeout 90;
        proxy_cache_valid 200 10m;
        proxy_cache_methods GET HEAD POST;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Start NGINX and consul-template
service nginx start
consul-template -consul master1.cloud.infra:8500 -template "/etc/nginx/conf.d/homepage.ctmpl:/etc/nginx/conf.d/nginx.conf:service nginx restart"
Now, Consul-template will keep track of changes in Consul-server and rewrite data to the NGINX configurations.
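Because the template writes one proxy_pass line for every "homepage-3000" instance that Consul lists, whatever is registered there ends up in the NGINX configuration. The check below is an added example, not part of the original tutorial: `check_rendered` (a hypothetical name) accepts a rendered file only if it holds exactly one proxy_pass and that target is one of the client IPs from the table above; the sample renderings and port numbers are constructed.

```shell
#!/bin/sh
# Added example: sanity-check the file consul-template renders from
# homepage.ctmpl before NGINX is restarted.
# Usage: check_rendered FILE ALLOWED_IP...
check_rendered() {
    conf=$1; shift
    # One directive per line, then keep only the host:port of each proxy_pass.
    targets=$(tr ';' '\n' < "$conf" |
        sed -n 's|.*proxy_pass[[:space:]][[:space:]]*http://\(.*\)$|\1|p')
    count=0 rc=0
    for target in $targets; do
        count=$((count + 1))
        known=0
        for ip in "$@"; do
            if [ "${target%%:*}" = "$ip" ]; then known=1; fi
        done
        if [ "$known" -eq 0 ]; then
            echo "unexpected upstream: $target"; rc=1
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no proxy_pass rendered: service missing from Consul"; rc=1
    elif [ "$count" -gt 1 ]; then
        # nginx refuses a location that contains proxy_pass more than once
        echo "$count proxy_pass directives in one location: nginx rejects duplicates"; rc=1
    fi
    return "$rc"
}

# Constructed renderings: one instance on CloudClient1, then two instances
# where the second address is not one of the two client hosts.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'location / {\n proxy_pass http://192.168.11.73:32768;\n}\n' > "$demo_dir/one.conf"
printf 'location / {\n proxy_pass http://192.168.11.73:32768; proxy_pass http://192.168.11.200:32768;\n}\n' > "$demo_dir/two.conf"
for name in one two; do
    if check_rendered "$demo_dir/$name.conf" 192.168.11.73 192.168.11.132; then
        echo "$name.conf: ok"
    else
        echo "$name.conf: rejected"
    fi
done
```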
6. Jenkins CI
The final tweak in our cloud is adding continuous integration.
For this purpose, add values obtained from the API to the configuration in Jenkins
Create a Job and insert the following in the shell exec item
cd "$JOB_NAME"
./new.sh -b
docker push registry.cloud.infra/homepage
rancher-compose --file docker-compose-rancher.yml up --force-upgrade --pull --confirm-upgrade -d
Your Private Cloud Is Ready For Project Deployment
Once you have worked your way through the step-by-step process, your private cloud is ready to run. Your cloud project can now be deployed at the click of a button. The containers are up on the least loaded hosts and linked to each other via the internal Rancher network.
I have not gone into full detail on all the capabilities of this DevOps private cloud setup but you should have a good overview of its core capabilities.