Nethserver-portainer needs testers AND ideas :D


(Stéphane de Labrusse) #1

Hi all
As part of my collaboration with NethServer, I’m working on the docker side and ns7… it is cool

I have some RPMs to share; of course try them, break them, comment on them

if you just want docker

yum install -y http://mirror.de-labrusse.fr/NethDev/docker/docker-ce-17.12.1.ce-1.el7.centos.x86_64.rpm http://mirror.de-labrusse.fr/NethDev/docker/nethserver-docker-0.1.4-1.ns7.noarch.rpm

decide if you need docker-compose

sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

if you want portainer to manage docker

yum install -y http://mirror.de-labrusse.fr/NethDev/docker/docker-ce-17.12.1.ce-1.el7.centos.x86_64.rpm http://mirror.de-labrusse.fr/NethDev/docker/nethserver-docker-0.1.4-1.ns7.noarch.rpm http://mirror.de-labrusse.fr/NethDev/docker/nethserver-portainer-0.1.4-1.ns7.noarch.rpm

An important limitation of portainer: your VM must be set to the correct time/date, else you won’t be able to log in

go to https://YOURIP:9000; at the first login you create the admin user and password

a docker volume is created for persistent data, it is the volume portainer-data

If you want to upgrade portainer (rm portainer, pull new image, run portainer again), run: signal-event portainer-upgrade

what we need to do

  • reverse web (apache, nginx, …) proxy for web container
  • backup script to save volume (persistent data) and docker
  • run portainer over ssl
  • make each service running in a docker container (:D)

if you have skills in docker, or just some experiences, please share them


(Dan) #2

Looks like that should be straightforward enough:
https://portainer.readthedocs.io/en/stable/deployment.html#secure-portainer-using-ssl

From there, it looks like it’s simply a matter of specifying the paths for cert/key/chain to the docker run command that launches portainer.

It’s installed and running on a test Neth 7.4 VM; now I need to figure out how to use it to actually do something.


(Markus Neuberger) #3

This is really nice, install portainer, grab an app, deploy and work. :sunglasses:

You may setup your environment in a few minutes, in this test case joomla uses mysql:

Docker Joomla running and updating without problems:


(Dan) #4

…and Wordpress too:


(Alessio Fattorini) #5

I don’t know if for a production server is the right choice but for everything else looks a great you!
NethServer may become a good development platform, for example.


(Stéphane de Labrusse) #6

I’m not innocent, it is the goal :slight_smile:


(Stéphane de Labrusse) #7

I suppose that we should publish a little howto or refer to an existing one. In fact portainer looks like the docker command line: you can launch a container with no choices and portainer will decide for you, but it is not the best method.

When you use a container (not a preconfigured template) you need to decide:

  • image of your container (if you don’t specify a tag, latest is added; go to https://store.docker.com)
  • port (automatic or manual setting)
  • volume mounted (docker volume for persistent data if you crash the container)
  • bind path mounted (local path mounted in the container for persistent data)
  • restart policy (unless-stopped is fine -> restart on crash or server reboot)
  • runtime & resources (RAM, processor max)

Sometimes with a container you have to link another one for a database connection; either use the mysql/postgresql on your host or use a container for this purpose too.

It is really a new perspective for thinking about your architecture… no time yet, but I would like to test a module based on it… our template system could write to a bind path or a volume, we just need to create a few binds/modules for the configuration area.


(Dan) #8

…and that’s what has me scratching my head a little bit, as I’m not seeing how to do it through Portainer. For example, if I want to set up Rocket.chat, I first need to run mongodb, and then link the rocket.chat container to that.


(Stéphane de Labrusse) #9

eventually you might use docker-compose also (check first post)…I’m still experimenting too

FYI ssl is on the grill


(Dan) #10

Unfortunately that isn’t (and won’t be) available through Portainer. I ultimately probably just need to learn some Docker basics, as I just don’t see what the big deal is at this point, or really understand how it’s supposed to work. And without any real understanding of the underlying technology, the pretty UI probably isn’t going to help much.


(Stéphane de Labrusse) #11

yes a new learning curve is needed


(Stéphane de Labrusse) #12

one another guy in the black, but this is my test

create the mariadb with the template, set root and password

install the wordpress instance from the template
edit the wordpress container, check the ‘ENV’ you can see WORDPRESS_DB_HOST and WORDPRESS_DB_PASSWORD

so these are the settings of your mariadb

install a docker container from scratch, at the first login set the mariadb credential

login admin
password :xxxxxx
host : 172.17.0.5 (in my case)

probably when you create the container you can add the ENV settings if you know them (check the dockerhub)

need to check if I can use the mariadb server of NS, it could simplify the backup

Just some fun
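
The WordPress and MariaDB pairing from the post above, as an added example that is not part of the original post: both containers join a user-defined network, where Docker resolves container names, so WORDPRESS_DB_HOST can be the database container's name instead of an address such as 172.17.0.5. The names wpnet, wp-db, wp-data and wp, the image tags, port 8888, the env file and the DOCKER/BIND_IP variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): WordPress + MariaDB joined by a
# user-defined network, so the database is reached by name, not by IP.
# Assumed names: wpnet, wp-db, wp-data, wp; image tags are examples.
DOCKER="${DOCKER:-docker}"      # DOCKER=echo prints the commands instead
BIND_IP="${BIND_IP:-127.0.0.1}" # host address the web port is published on

deploy_wp_stack() {
  # $1: env file holding MYSQL_ROOT_PASSWORD and WORDPRESS_DB_PASSWORD
  # (same value), kept out of the command line and shell history.
  env_file=$1
  $DOCKER network create wpnet &&
  $DOCKER volume create wp-data &&
  # The database publishes no port: it is reachable only inside wpnet.
  $DOCKER run -d --name wp-db --network wpnet \
      --restart unless-stopped \
      -v wp-data:/var/lib/mysql \
      --env-file "$env_file" mariadb:10.2 &&
  # The web port is published on one chosen address, not on 0.0.0.0.
  $DOCKER run -d --name wp --network wpnet \
      --restart unless-stopped \
      -p "$BIND_IP:8888:80" \
      -e WORDPRESS_DB_HOST=wp-db \
      --env-file "$env_file" wordpress:4.9
}
```

Call it as `deploy_wp_stack /path/to/wp.env` after setting BIND_IP to the address the site should listen on.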


(Tim Carroll) #13

Looks great, but how can I switch docker to use the green interface for testing instead of the red (external)?


(Stéphane de Labrusse) #14

By design, if a red interface exists, docker uses it. I suppose you are in gateway mode (red and green)?


(Tim Carroll) #15

Yes on a live system.


(Stéphane de Labrusse) #16

gateway at your home ?


(Davide Principi) #17

Is it due to shorewall behavior?


(Tim Carroll) #18

exactly


(Stéphane de Labrusse) #19

in fact in the portainer interface you have a pointer (url link) you can use to reach the docker port via the TCP port 0.0.0.0:8888

if you do not set an ip to docker you cannot use this web link, for now you use the first green interface and if you have a red interface you switch to it.

I’m not sure that shorewall can restrict the IP access once a port is delegated to docker, for what I tested the ports are opened.

still in alpha/beta stage, but it is promised :smiley:


(Tim Carroll) #20

I don’t believe it has anything to do with shorewall.
When I do a “docker network inspect bridge” I can see it binding to my external IP.
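
A check for the binding question discussed in the last posts, as an added example that is not part of the thread: it reads container names and port mappings and lists every published port that listens on all host interfaces, which is Docker's default when no address is given. The function names and the sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example: list published ports that listen on every host interface.
# Input on stdin: "<name><TAB><ports>" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

audit_bindings() {
  awk -F '\t' '
    {
      n = split($2, maps, ", ")
      for (i = 1; i <= n; i++) {
        # "3306/tcp" (exposed only) has no "->" and is not published
        if (index(maps[i], "->") == 0) continue
        split(maps[i], side, "->")
        # side[1] is host_ip:host_port, side[2] is container_port/proto
        if (side[1] ~ /^(0\.0\.0\.0:|:::|\[::\]:)/)
          print $1, side[1], "->", side[2]
      }
    }'
}

# Constructed sample, not output from a real host.
sample_ps() {
  printf 'portainer\t0.0.0.0:9000->9000/tcp\n'
  printf 'wordpress\t0.0.0.0:8888->80/tcp\n'
  printf 'mariadb\t3306/tcp\n'
  printf 'intranet\t192.168.1.1:8080->80/tcp, 192.168.1.1:8443->443/tcp\n'
}

sample_ps | audit_bindings
```

On a live host, pipe the `docker ps` command from the header comment into `audit_bindings`; an empty result means every published port is tied to a specific address.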