Deploy Mender on DigitalOcean using Rancher Container Management Platform

Written by gustavosbarreto | Published 2017/07/05
Tech Story Tags: docker | rancher | iot | tech | mender


An interactive guide to deploying Mender Server stack on DigitalOcean using Rancher

What is Mender?

Mender is an open source remote software updater for embedded Linux devices.

It enables the management of software updates to connected devices remotely, whether over-the-air or over any TCP/IP network. You can deploy an image-based update from the Mender Server to your connected device or devices.

Rancher Container Management Platform

As you can see in the “Mender Server Containers Graph”, Mender Server consists of several containers. Maintaining a cluster of hosts that runs all of the Mender containers can be hard; Rancher makes this easy.

Prerequisites

To complete this tutorial you must have the following:

  • DigitalOcean account to create droplets and volumes
  • Amazon AWS account to create an S3 bucket for storing Mender artifacts

Monthly Costs Estimation

Running a production-ready Mender Server on DigitalOcean involves several costs. The list below describes the monthly DigitalOcean costs of keeping a Mender Server instance up and running in a production environment.

DigitalOcean monthly costs estimation

  • Item 1: 1x Droplet instance of 2GB RAM for Rancher Server
  • Item 2: 4x Droplet instances of 1GB RAM for Mender services
  • Item 3: 5x volume of 10GB to persist database data of Mender services
  • Item 4: 1x DigitalOcean load balancer instance

Step 1 — Create Rancher Server Droplet

First, we need to create the Rancher Server Droplet. Rancher Server will take care of creating and orchestrating the Mender infrastructure in your cluster.

Go to your DigitalOcean dashboard and create a new team called Mender. Switch to the Mender team and create a new Droplet with the following configuration:

Rancher Server Droplet configuration

  • Distribution: Ubuntu 16.04 x64
  • Size: $20/mo
  • Datacenter region: New York 1
  • Add your public SSH key if you have one
  • Set the hostname to “rancher-server”

Step 2 — Start Rancher Server

After the Rancher Server Droplet has been provisioned, you must log in to it to start Rancher Server.

Go to your DigitalOcean dashboard and copy the IP Address of the Rancher Server Droplet.

Now, connect to the Rancher Server Droplet by running the following command in your computer’s terminal:

$ ssh root@<RANCHER_SERVER_IP>

NOTE: Replace <RANCHER_SERVER_IP> with the IP Address of the Rancher Server Droplet.

After successfully connecting over SSH, run the following commands to start Rancher Server:

$ curl https://releases.rancher.com/install-docker/17.03.sh | sh
$ docker run -d --restart=unless-stopped \
    -p 8080:8080 \
    rancher/server:stable

It will only take a couple of minutes for Rancher Server to start up.

The Rancher Server UI is exposed on port 8080, so in order to view the UI, go to http://<RANCHER_SERVER_IP>:8080

Step 3 — Configure Rancher Server

By default, Rancher Server comes with no Access Control enabled, which means anyone on the internet can access the Rancher Server UI. It is recommended to configure Access Control soon after launching Rancher Server.

In the Admin tab, click Access Control. Select the Local icon. Create an admin user by providing the Login Username, Full Name, and Password. Click Enable Local Auth to turn on local authentication.

Step 4 — Add Rancher Hosts

To add Rancher Hosts, access the Rancher Server UI and click Infrastructure, which will immediately bring you to the Hosts page. Click Add Host. Rancher will prompt you to select a host registration URL. This URL is where Rancher Server is running and must be reachable from all the hosts that you will be adding. Just click Save.

By default, the Custom option will be selected. Select the DigitalOcean icon, enter your DigitalOcean Access Token and click Configure Droplet.

You can generate a DigitalOcean Access Token in the Applications & API section of the control panel.

On the next page, set the following configuration for the hosts:

Rancher Host configuration

  • Name: host-
  • Quantity: 4
  • Region: New York 1
  • Labels: mender
  • (Advanced Options) Docker Install URL: v17.03.x

Leave all other options at their default values. Click Create and wait while Rancher provisions the hosts for you.

Step 5 — Install Mender Catalog for Rancher

Mender Catalog for Rancher provides templates that make it easy to deploy the Mender Server stack.

Templates of Mender Catalog for Rancher

In the Rancher Server UI, go to Admin/Settings and add a new custom catalog:

Step 6 — Generate certificates and keys

Please see the Generating new keys and certificates section of the Mender documentation website for instructions on generating certificates and keys.

Certificates and keys | Mender documentation (docs.mender.io)

Step 7 — Deploy Mender Server Stack

In this step, we will deploy a Mender Server stack across the Rancher Hosts you created in Step 4.

Add Mender Server certificate

Mender uses secure client-server communication through HTTPS. In order to enable HTTPS in the Rancher Load Balancer, you need to upload both the private key and the certificate files.

In the Rancher Server UI, go to the Infrastructure/Certificates page. To add a new certificate, click Add Certificate.

Provide a Name and Description for the certificate. If you generated the certificate following the instructions from Step 6, upload keys-generated/certs/api-gateway/private.key as Private Key and keys-generated/certs/api-gateway/cert.crt as Certificate.
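Before uploading, it is worth confirming that the two files from Step 6 really belong together. The script below is an added example, not part of the original article or of the Mender or Rancher projects: it checks that the certificate was issued for the private key, that it is not about to expire, and that the key file is not readable by other users. The function names and the 30-day threshold are assumptions made for this example; only the openssl command line tool is required.

```shell
#!/bin/sh
# Added example: checks to run on the Step 6 output before uploading it.
# Function names are invented for this example; only the openssl CLI is assumed.

# Succeeds when the certificate's public key equals the one derived from the key.
# Returns 2 when either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all three checks; prints one line per failure, returns non-zero on any.
# The 30-day expiry margin is an assumption chosen for this example.
preflight() {
    rc=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $1 and $2 are not a pair (or cannot be parsed)" >&2; rc=1; }
    cert_valid_for_days "$1" 30 ||
        { echo "FAIL: $1 expires within 30 days" >&2; rc=1; }
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to group/others" >&2; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $1 and $2 are ready to upload"; fi
    return "$rc"
}

# Usage: sh preflight.sh keys-generated/certs/api-gateway/cert.crt \
#                        keys-generated/certs/api-gateway/private.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A mismatch here usually means the key generation was re-run and files from two different runs were mixed; regenerate both rather than uploading the pair.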

Install Docker volume plugin for DigitalOcean Block Storage

To enable persistent storage for all MongoDB instances of Mender Server, we need to install the Docker volume plugin for DigitalOcean Block Storage. The Mender Catalog for Rancher also provides an infrastructure template to install this plugin on all Rancher Hosts.

In the Rancher Server UI, go to Catalog/Mender and select REX-Ray DigitalOcean Driver. On the next page, enter the following configuration:

  • Your DigitalOcean Access Token
  • DigitalOcean default volume size: 10

Add Mender Server Stack

In the Rancher Server UI, go to Catalog/Mender and select Mender Server. On the next page, enter the following configuration:

Mender Stack configuration

  1. Scale: 4
  2. Database volume driver: Leave default value unless you know what you are doing.
  3. API Gateway Certificate: Select Mender Server certificate you have added previously.
  4. User Administration Key: Paste the contents of keys-generated/keys/useradm/private.key file.
  5. Device Authentication Key: Paste the contents of keys-generated/keys/deviceauth/private.key file.
  6. S3 Access Key: Your AWS Access Key.
  7. S3 Secret Key: Your AWS Secret Key.
  8. S3 Bucket: S3 bucket name where the uploaded Mender artifacts will be stored and served from.
  9. S3 URI: Leave default value if you want to use S3 from AWS (recommended).

To create your AWS access and secret key, see Managing Access Keys for your AWS Account on the AWS Documentation website.

Step 8 — Setup DigitalOcean Load Balancer

In the DigitalOcean control panel, go to the Load Balancers page by selecting Networking from the top navigation bar, then clicking Load Balancers. This will take us to the Load Balancers page. Click Create Load Balancer. On the Create Load Balancer page:

Load Balancer configuration

  1. Give a Name to the Load Balancer.
  2. In Add Droplets, search for the “mender” tag.
  3. Select NYC1 as Region.
  4. Add an HTTPS forwarding rule.

Leave all other options at their default values and click Create Load Balancer.

Once the Load Balancer is created, its IP address will appear automatically on the Load Balancers overview page. Copy the IP Address and simply open it in your web browser.

The first time you access the UI, you will be asked to create the initial user. Simply input your email and desired password as shown below:

Mender initial screen

Backup

The Mender Catalog for Rancher also provides a template for Rancher Backup Agent, which enables you to back up your Mender Server stack.

In the Rancher Server UI, go to Catalog/Mender and select Mender Backup Agent. On the next page, enter the following configuration:

  1. S3 Access Key: Your AWS Access Key.
  2. S3 Secret Key: Your AWS Secret Key.
  3. S3 Bucket: S3 bucket name where backup artifacts will be uploaded.
  4. S3 URI: Leave default value if you want to use S3 from AWS (recommended).
  5. Backup Time: The default value is once a day at 00:00h. Use crontab syntax to change backup time.

That’s It

Feel free to browse and contribute to the Mender Catalog for Rancher.

gustavosbarreto/mender-rancher — Rancher template for Mender platform (github.com)


Published by HackerNoon on 2017/07/05