
How to create an integrated environment for Docker+Rancher

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31

This article shows how to create an integration environment with Docker and Rancher.

Previously, in "build environment containerization" and "create continuous integration pipeline", we used Docker to create a centrally managed build environment that can be applied to any number of machines. We then set that environment up in Jenkins CI to automate the continuous building, packaging, and testing of the source code. In this chapter, we take the pipeline (shown below) further and learn how to continuously deploy the project to a long-running test environment. Besides automated acceptance testing, this environment also allows manual testing of the code. With such an environment, you can let your customers or QA (quality manager) see the latest changes before the product is put into production. It is also a good step toward building and deploying to a production environment, which we will cover in this chapter.

Create an application environment

After we have built and tested the application, we can deploy it to a long-running, potentially externally facing environment. This environment lets the customer or QA view and test the latest changes before the product goes into production, and it is an important step on the way to production. It lets us find bugs that stay hidden in automated integration testing and only show up under real-world use. We usually call such an environment the QA or integration environment, though you can name it as you like. We will create the integration environment through the following steps:

Create an integrated environment in Rancher

Define Docker Compose and Rancher Compose templates

Create an application stack with Rancher

Managing DNS records with Rancher and AWS Route53

Add support for HTTPS

Create an integrated environment in Rancher

In the Rancher UI, select Manage Environments and then Add Environment in the upper left corner. On the screen that appears, enter a Name (Integration) and a description for the environment. You also need to select the list of users and organizations that have access to the environment.

After the environment is set up, select the Integration environment from the drop-down menu in the upper left corner of the screen. Now we can create an application stack for the integration environment. Before we do that, let's look at the API keys used for deploying with Rancher. Select API > Key from the top menu, followed by Add Account API Key. A pop-up screen appears where you can create a named API key pair. We need the key pair to create the test environment with Rancher Compose in the next steps. We will create a key pair called JenkinsKey, because the Jenkins instance will run Rancher Compose. Record the key (access key) and password (secret key) for later use, because these values will not be displayed again. Note that the API secret key is specific to the environment, so you need to create a new key for each environment.

Define Compose templates

In the last article, we created a Docker Compose template that defines the container types required for our project. The Compose template (docker-compose.yml) is shown in the following figure. We will use the same Docker Compose template as before, but with the addition of an auth-lb service. This puts a load balancer in front of our go-auth service and distributes traffic across all the containers running the service. Putting a load balancer in front of the service is critical to ensuring availability and scalability, because it can keep serving traffic even if one (or more) service containers die. It also spreads the load over multiple containers, which may run on multiple hosts. The old version of Rancher I used in this article does not support version 3 compose files, so we have to set the version to 2, remove the wrong environment variables, and fix the version of go-auth.

We use Rancher Compose to start the environment on multiple hosts, which is closer to the production environment and lets us test integration with various services, such as Rancher and Docker Hub. This is unlike our previous Docker Compose-based environment, which was explicitly designed to be independent of external services and started on the CI server itself, without the need to push the image to Docker Hub.

Now that we use Rancher Compose instead of Docker Compose to launch a multi-host test environment, we also need to define a Rancher Compose template. Create a file called rancher-compose.yml and add the following. In this file, we define that we need two containers for auth-service, one to run the database, and one to run the load balancer.

Next we add a health check to auth-service so that we can detect when the container has started and can respond to requests. To do this, we use the /health URI of the go-auth service. The auth-service part of rancher-compose.yml should now look like this:

We have now defined a health check on port 9000 of the service container that runs every 2 seconds (2000 milliseconds). The check issues an HTTP request to the /health URL; three consecutive failed checks mark the container as unhealthy, while two successes mark it as healthy.
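How those two thresholds interact when probe results flap, as an added illustration that is not Rancher's code and not from the original article. The function name and the "ok"/"fail" result tokens are hypothetical, and it assumes the two successes must be consecutive, as the failures are.

```shell
#!/bin/sh
# Added illustration, not Rancher's implementation: replays the thresholds
# described above over a sequence of probe results (one per 2000 ms).
UNHEALTHY_THRESHOLD=3   # consecutive failed probes before "unhealthy"
HEALTHY_THRESHOLD=2     # good probes before "healthy" (assumed consecutive)

# health_state INITIAL RESULT...: print the state after the last probe.
# INITIAL is "healthy" or "unhealthy"; each RESULT is "ok" or "fail".
health_state() {
    state=$1; shift
    ok=0; bad=0
    for result in "$@"; do
        if [ "$result" = ok ]; then
            ok=$((ok + 1)); bad=0          # a success resets the failure run
            if [ "$ok" -ge "$HEALTHY_THRESHOLD" ]; then state=healthy; fi
        else
            bad=$((bad + 1)); ok=0         # a failure resets the success run
            if [ "$bad" -ge "$UNHEALTHY_THRESHOLD" ]; then state=unhealthy; fi
        fi
    done
    echo "$state"
}

# Constructed probe sequences:
echo "flapping:   $(health_state healthy fail fail ok fail)"
echo "outage:     $(health_state healthy fail fail fail)"
echo "recovering: $(health_state unhealthy ok fail ok)"
echo "recovered:  $(health_state unhealthy ok ok)"
```

With a 2000 ms interval, a container that stops answering is marked unhealthy after three probes, and a single slow response in between restarts the count.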

Similarly, we need to add an lb_config section for the load balancer in the rancher-compose.yml file to tell it which service (GoAuth) it fronts, which ports need to be exposed, and how to verify the health of the instances behind the load balancer. The auth-lb section of the rancher-compose.yml file should look like this:

Create an application stack with Rancher CLI

Now that we have defined the templates, we can use Rancher Compose to launch our environment. Next, all you need to do is check out the go-message project and download Rancher CLI from the Rancher UI. For information on how to set up rancher-compose on the development machine, refer to the instructions here:

https://rancher.com/docs/rancher/v1.5/en/cattle/rancher-compose/. Run ./rancher config to specify the Rancher URL, access key, secret key, and default environment for the following commands.

After Rancher CLI is set up, you can use the following create command to set up your integration environment. The command here assumes that the docker-compose.yml and rancher-compose.yml files are in the current directory.

In the UI, you should now be able to see the stack and services of your project. Note that the create command starts all services at the same time as the stack is created.

To make sure everything is all right, find the public IP of the host running the "authlb" service and create a user using the following command. You should get a response of 200 OK, and repeating the above request will return a 409 error indicating a conflict with existing users in the database. So far, we have provided a basic integration environment for applications, which is also a long-running environment.

Manage DNS records

Because this environment needs to be long-running and open to the public, we will use DNS entries as well as HTTPS. This lets us safely expose the application outside the corporate firewall and lets more casual users rely on a persistent DNS name rather than IPs that may change. You can use the DNS provider of your choice. Here we demonstrate how to set up the DNS entry in Amazon Route53. Go to AWS Console > Route53 > Hosted Zones and select Create Hosted Zone. In the hosted zone, you need to specify the domain name of your choice (such as gomessenger.com). While you are in the AWS Console, you can also create the user that Rancher will use to update Route53. Go to AWS Console > IAM > Users and select Create New Users. Record the user's Access Key and Secret Key, which we will use later. After the user has been created, you need to attach the AmazonRoute53FullAccess policy to the user so that it can update Route53.

Now that we have the Hosted Zone and the IAM user set up, we can add the Route53 integration to our Rancher server. Detailed instructions on how to do this can be found here: https://rancher.com/introducing-rancher-service-discovery-integration-with-amazon-route53/. In short, browse to Catalog > Library on the Rancher server and select Route 53 DNS. You will be asked to specify the previously created Hosted Zone, as well as the AWS Access and Secret Keys of the Rancher IAM user with Route53 access. After entering the information and clicking create, you should see a new stack of route53 services in your environment.

The service listens for Rancher events and captures the startup and termination of any load balancer instance. With this information, it automatically creates DNS entries for all hosts running the load balancer container. The format of the DNS entry is [Loadbalancer].[stack].[env].[domain], for example:

goauth.integration.testing.gomessenger.com.

As more and more containers start and shut down on each Rancher compute node, the Route53 service will maintain the consistency of DNS records. This is critical to our integrated test environment, and we'll see its importance later. We need to restart the environment container to make updates part of the ongoing deployment. By using Route53 DNS integration, we no longer have to worry about getting the latest hostnames for our customers and testers.

Enable HTTPS

After creating a DNS record for our environment, it is a good idea to have it support HTTPS. First, we need an SSL certificate for our domain name. You can purchase an SSL certificate for a domain name from any of the many trusted certification authorities. If you do not have a certificate, you can generate a self-signed certificate to complete the setup and replace it with a trusted certificate later. With a self-signed certificate, every user will see a browser warning that "this connection is not trusted", but the communication is still encrypted. To generate a self-signed certificate, you first need to generate an SSL key, which can be done with openssl's genrsa command. Then you can use the key file to generate the certificate with the req command. This step is listed below. You can also print and save the SHA-256 fingerprint of the certificate, which lets you manually check that the same certificate is presented to you when you make HTTPS requests. In the absence of trusted certificates, manual fingerprint matching is the only way to avoid man-in-the-middle attacks.
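The steps described above, as an added example that is not from the original article: it creates the key with genrsa and the self-signed certificate with req, prints the SHA-256 fingerprint to record, and compares that value with the certificate an endpoint presents. The 2048-bit key, 365-day validity, subject name and all function names are assumptions; the file names follow the ones used in the upload step.

```shell
#!/bin/sh
# Added example, not from the original article. Key size, validity, subject
# and all function names are assumptions; file names match the upload step.
DOMAIN="integration.gomessenger.com"

# make_self_signed DIR: write DIR/$DOMAIN.key and DIR/$DOMAIN.crt
make_self_signed() {
    # Private key first (genrsa), readable only by the current user.
    ( umask 077; openssl genrsa -out "$1/$DOMAIN.key" 2048 2>/dev/null )
    # Self-signed certificate from that key (req -x509). The subjectAltName
    # lets clients match the host name; -addext needs OpenSSL 1.1.1 or later.
    openssl req -new -x509 -sha256 -days 365 -key "$1/$DOMAIN.key" \
        -subj "/CN=$DOMAIN" -addext "subjectAltName=DNS:$DOMAIN" \
        -out "$1/$DOMAIN.crt"
}

# normalize_fp: fingerprint on stdin -> bare upper-case hex (no colons)
normalize_fp() { tr -d ':\n ' | tr 'a-f' 'A-F'; }

# fp_of_pem: PEM certificate on stdin -> SHA-256 fingerprint
fp_of_pem() {
    openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//' | normalize_fp
}

# cert_fingerprint FILE: fingerprint of a certificate file (record this value)
cert_fingerprint() { fp_of_pem <"$1"; }

# served_fingerprint HOST PORT: fingerprint of the certificate a live
# endpoint presents, e.g. served_fingerprint "$DOMAIN" 9001
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        fp_of_pem
}

# fingerprint_matches SAVED SEEN: succeed only if both are the same
# non-empty fingerprint; an empty value (failed lookup) never matches.
fingerprint_matches() {
    a=$(printf '%s' "$1" | normalize_fp)
    b=$(printf '%s' "$2" | normalize_fp)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo on a scratch directory (constructed data, no network access).
work=$(mktemp -d)
make_self_signed "$work"
echo "SHA-256 fingerprint: $(cert_fingerprint "$work/$DOMAIN.crt")"
rm -rf "$work"
```

Once the endpoint is up, `fingerprint_matches "$saved" "$(served_fingerprint "$DOMAIN" 9001)"` performs the manual match in one step, where `$saved` is the value recorded at generation time.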

Now that you have the certificate and private key files, you need to upload them to Rancher. You can upload the certificate on the Infrastructure tab of the Rancher UI by clicking the Add Certificate button in the Certificates section. Give your certificate a meaningful name and fill in the description. Then copy and paste the contents of integration.gomessenger.com.key and integration.gomessenger.com.crt into the Private Key and Certificate fields (or select Read from File to read them from the files). After completing the form, click Save and wait for the certificate to take effect.

After the certificate is activated, we can add the HTTPS endpoint to our environment. To do this, we must modify the rancher-compose file to include the SSL port configuration. We add a second port (9001) to the ports section so that it is accessible outside the load balancer, and use the io.rancher.loadbalancer.ssl.ports label to specify that '9001' is the public load balancer port with SSL termination.

In addition, because we terminate SSL at the load balancer, we can use regular HTTP on the original port 9000 to send requests to our actual service containers. We use the io.rancher.loadbalancer.target.auth-service label to specify the mapping from 9001 to 9000.

We also need to update the rancher-compose file to specify the SSL certificate that we want to use for SSL termination in the load balancer service. Add the name of the certificate we uploaded earlier to default_cert. With these changes, you also need to delete and recreate the stack because there is currently no way to add these properties to the existing stack.

You can now use the curl command to make sure everything is all right. When you try the same command using the https protocol specifier and port 9001, you should see a failure saying that you are using an untrusted certificate. You can use the --insecure switch to turn off trusted certificate checking and use https without verifying the certificate.
