From operating system to Docker
In this phase, you'll install Docker and prepare the machine for the TeskaLabs LogMan.io installation.
If you've skipped the bare metal installation and are installing on a virtual server, pay attention to the prerequisites.
Prerequisites
- Running server with an installed operating system.
- Access to the server over SSH; the user is tladmin with permission to execute sudo.
- Slow storage mounted at /data/hdd.
- Fast storage mounted at /data/ssd.
Timezone UTC
The timezone of the Operating System for TeskaLabs LogMan.io MUST be set to UTC.
Steps
1) Log in to the server over SSH as the user tladmin
ssh tladmin@<ip-of-the-server>
2) Configure SSH access
Install public SSH key(s) for the tladmin user:
cat > /home/tladmin/.ssh/authorized_keys
Restrict the access:
sudo vi /etc/ssh/sshd_config
Changes in /etc/ssh/sshd_config:
- PermitRootLogin to no
- PubkeyAuthentication to yes
- PasswordAuthentication to no
3) Configure Linux kernel parameters
Write the following content into the file /etc/sysctl.d/01-logman-io.conf:
vm.max_map_count=262144
net.ipv4.ip_unprivileged_port_start=80
fs.inotify.max_user_instances=1024
fs.inotify.max_user_watches=1048576
fs.inotify.max_queued_events=16384
The parameter vm.max_map_count increases the maximum number of mmaps in the virtual memory subsystem of Linux.
It is needed for Elasticsearch.
The parameter net.ipv4.ip_unprivileged_port_start enables unprivileged processes to listen on port 80 (and above).
This allows NGINX to listen on this port without requiring elevated privileges.
4) Install Docker
Docker is necessary for deployment of all LogMan.io microservices in containers, namely Apache Kafka, Elasticsearch, NGINX and individual streaming pumps etc.
Create the dockerlv logical volume with an EXT4 filesystem:
sudo lvcreate -L100G -n dockerlv systemvg
sudo mkfs.ext4 -L docker-ssd /dev/systemvg/dockerlv
sudo mkdir /var/lib/docker
Add the following line to /etc/fstab:
/dev/disk/by-label/docker-ssd /var/lib/docker ext4 defaults,noatime 0 1
Mount the volume:
sudo mount /var/lib/docker
Install the Docker package:
sudo apt-get install ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker tladmin
Re-login to the server to apply the group change.
5) Disable Docker bridge network
Docker creates a bridge network (docker0) by default, which is not needed for TeskaLabs LogMan.io.
To disable the default Docker bridge network, create the file /etc/docker/daemon.json with the following content:
{
"bridge": "none"
}
6) Install Wireguard
Wireguard is a fast and the most secure VPN technology. TeskaLabs LogMan.io utilizes Wireguard for internal communication within the cluster.
The Wireguard network IP range is 172.17.10.0/24.
Each cluster node gets one IP address from this range: the first node gets 172.17.10.1, the second 172.17.10.2, and so on.
sudo apt install wireguard
sudo su -
cd /etc/wireguard/
umask 077
wg genkey > wg0.key
wg pubkey < wg0.key > wg0.pub
Create /etc/wireguard/wg0.conf with the following content.
Adjust the [Peer] sections to reflect your cluster layout.
If you are installing a single-node variant, only one [Peer] section will be present.
[Interface]
PrivateKey = <content of the wg0.key file>
ListenPort = 41194
Address = 172.17.10.1/24
MTU = 1412
[Peer]
# The first node
PublicKey = <content of the wg0.pub file>
Endpoint = <IP address of the first node>:41194
AllowedIPs = 172.17.10.1/32
PersistentKeepalive = 60
[Peer]
# The second node
PublicKey = <content of the wg0.pub file from lmb2 node>
Endpoint = <IP address of the second node>:41194
AllowedIPs = 172.17.10.2/32
PersistentKeepalive = 60
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0.service
7) Configure hostname resolution (optional)
The TeskaLabs LogMan.io cluster requires that each node can resolve the IP address of any other cluster node from its hostname.
If the configured DNS server doesn't provide this ability, the node names and their IP addresses have to be inserted into /etc/hosts.
sudo vi /etc/hosts
Example of /etc/hosts
172.17.10.1 lma1
172.17.10.2 lmb1
172.17.10.3 lmx1
Note that the IP addresses are taken from the Wireguard range.
8) Reboot the server
sudo reboot
This is important to apply all of the above settings.
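A check to run once the server is back up, added here as an example and not part of the TeskaLabs LogMan.io documentation: it verifies that the three sshd_config values from step 2 are the ones in effect, since sshd keeps the first value it reads for each keyword. The drop-in file name and the sample file contents are constructed for the demonstration, and the handling of Match blocks is a simplification.

```shell
#!/bin/sh
# Added example (not from the LogMan.io docs): audit the step 2 SSH settings
# the way sshd resolves them. For each keyword sshd keeps the FIRST value it
# reads, keywords are case-insensitive, and lines under "Match" are conditional.

# effective_value KEYWORD FILE...   (FILEs in the order sshd reads them)
# Prints the first global value of KEYWORD in lower case, or nothing if unset.
effective_value() {
    kw=$1; shift
    awk -v kw="$kw" '
        BEGIN { kw = tolower(kw) }
        FNR == 1 { in_match = 0 }        # simplification: Match ends with its file
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { in_match = 1; next }
        in_match { next }
        key == kw { print tolower($2); exit }
    ' "$@"
}

# audit_sshd FILE...   returns 0 only if all three step 2 values are in effect
audit_sshd() {
    rc=0
    for want in permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no; do
        key=${want%%=*}; exp=${want#*=}
        got=$(effective_value "$key" "$@")
        if [ "$got" = "$exp" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '${got:-not set explicitly}', expected '$exp'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: the step 2 main file plus a hypothetical drop-in
# that sshd would read first through an Include line at the top of the main file.
demo=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' > "$demo/50-dropin.conf"
printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
    '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
audit_sshd "$demo/sshd_config" || true                          # all OK
audit_sshd "$demo/50-dropin.conf" "$demo/sshd_config" || true   # drop-in wins: FAIL
rm -rf "$demo"
```

On the server itself, sudo sshd -T prints the configuration sshd has resolved, which is the authoritative answer; the function above is for auditing copies of the files offline.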