
From operating system to Docker

In this phase, you'll install Docker and prepare the machine for the TeskaLabs LogMan.io installation.

If you've skipped the bare metal installation and are running the installation on a virtual server, pay attention to the prerequisites.

Prerequisites

  • Running server with installed operating system.
  • Access to the server over SSH as the user tladmin, who has permission to execute sudo.
  • Slow storage mounted at /data/hdd.
  • Fast storage mounted at /data/ssd.

Timezone UTC

The timezone of the Operating System for TeskaLabs LogMan.io MUST be set to UTC.

Steps

1) Log in to the server over SSH as the user tladmin

ssh tladmin@<ip-of-the-server>

2) Configure SSH access

Install the public SSH key(s) for the tladmin user (paste the keys, then press Ctrl+D to end the input):

cat > /home/tladmin/.ssh/authorized_keys

Restrict the access:

sudo vi /etc/ssh/sshd_config

Make the following changes in /etc/ssh/sshd_config:

  • PermitRootLogin to no
  • PubkeyAuthentication to yes
  • PasswordAuthentication to no

3) Configure Linux kernel parameters

Write the following content into the file /etc/sysctl.d/01-logman-io.conf:

vm.max_map_count=262144
net.ipv4.ip_unprivileged_port_start=80
fs.inotify.max_user_instances=1024
fs.inotify.max_user_watches=1048576
fs.inotify.max_queued_events=16384

The parameter vm.max_map_count increases the maximum number of mmaps in the virtual memory subsystem of Linux. It is needed for Elasticsearch.

The parameter net.ipv4.ip_unprivileged_port_start enables unprivileged processes to listen on port 80 and above. This lets NGINX listen on this port without requiring elevated privileges.

4) Install Docker

Docker is necessary for the deployment of all LogMan.io microservices in containers, such as Apache Kafka, Elasticsearch, NGINX and the individual streaming pumps.

Create the dockerlv logical volume with an EXT4 filesystem:

sudo lvcreate -L100G -n dockerlv systemvg
sudo mkfs.ext4 -L docker-ssd /dev/systemvg/dockerlv
sudo mkdir /var/lib/docker

Add the following line to /etc/fstab:

/dev/disk/by-label/docker-ssd   /var/lib/docker ext4 defaults,noatime 0 1

Mount the volume:

sudo mount /var/lib/docker

Install the Docker package:

sudo apt-get install ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker tladmin

Log in to the server again to apply the group change.

5) Disable Docker bridge network

Docker creates a bridge network (docker0) by default, which is not needed for TeskaLabs LogMan.io. This is how to disable the default Docker bridge network.

Create the file /etc/docker/daemon.json with the following content:

{
    "bridge": "none"
}

6) Install Wireguard

Wireguard is a fast and the most secure VPN technology. TeskaLabs LogMan.io uses Wireguard for internal communication within the cluster.

The Wireguard network IP range is 172.17.10.0/24. Each cluster node gets one IP address from this range: the first node gets 172.17.10.1, the second 172.17.10.2 and so on.

sudo apt install wireguard
sudo su -
cd /etc/wireguard/
umask 077
wg genkey > wg0.key
wg pubkey < wg0.key > wg0.pub

Create /etc/wireguard/wg0.conf with the following content. Adjust the [Peer] sections to reflect your cluster layout. If you are installing a single-node variant, only one [Peer] section will be present.

[Interface]
PrivateKey = <content of the wg0.key file>
ListenPort = 41194
Address = 172.17.10.1/24
MTU = 1412

[Peer]
# The first node
PublicKey = <content of the wg0.pub file>
Endpoint = <IP address of the first node>:41194
AllowedIPs = 172.17.10.1/32
PersistentKeepalive = 60

[Peer]
# The second node
PublicKey = <content of the wg0.pub file from lmb2 node>
Endpoint = <IP address of the second node>:41194
AllowedIPs = 172.17.10.2/32
PersistentKeepalive = 60

Start the Wireguard interface and enable it at boot:

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0.service

7) Configure hostname resolution (optional)

The TeskaLabs LogMan.io cluster requires that each node can resolve the IP address of any other cluster node from its hostname. If the configured DNS server doesn't provide this ability, the node names and their IP addresses have to be inserted into /etc/hosts.

sudo vi /etc/hosts

Example of /etc/hosts

172.17.10.1 lma1
172.17.10.2 lmb1
172.17.10.3 lmx1

Note that the IP addresses are taken from the Wireguard range.

8) Reboot the server

sudo reboot

The reboot is important to apply all of the configuration above.
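
After the reboot, the sshd settings from step 2, the kernel parameters from step 3 and the UTC requirement can be checked against what is actually in effect. The script below is an added example, not part of the TeskaLabs documentation; the function names check_settings and verify_host are made up for it, and it assumes sudo access and that sshd and sysctl are on the PATH.

```shell
#!/bin/sh
# Added example (not from the LogMan.io documentation): post-reboot check of
# the sshd, sysctl and timezone settings this page asks for.

# check_settings EXPECTED...  (each EXPECTED is key=value)
# Reads a settings dump on stdin, either "key value" (as printed by `sshd -T`)
# or "key = value" (as printed by `sysctl`), prints every mismatch and
# returns the number of mismatches (0 means all expected values are in effect).
check_settings() {
    dump=$(sed 's/[[:space:]]*=[[:space:]]*/ /')
    bad=0
    for pair in "$@"; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', got '${got:-<unset>}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# verify_host runs the checks against the live system (needs sudo for sshd -T).
verify_host() {
    rc=0
    # sshd -T prints the effective configuration, so a value overridden by a
    # file pulled in through an Include directive is caught here.
    sudo sshd -T | check_settings \
        permitrootlogin=no pubkeyauthentication=yes \
        passwordauthentication=no || rc=1
    # Values from /etc/sysctl.d/01-logman-io.conf
    sysctl vm.max_map_count net.ipv4.ip_unprivileged_port_start \
        fs.inotify.max_user_instances fs.inotify.max_user_watches \
        fs.inotify.max_queued_events | check_settings \
        vm.max_map_count=262144 net.ipv4.ip_unprivileged_port_start=80 \
        fs.inotify.max_user_instances=1024 fs.inotify.max_user_watches=1048576 \
        fs.inotify.max_queued_events=16384 || rc=1
    # The operating system timezone MUST be UTC.
    tz=$(date +%Z)
    [ "$tz" = "UTC" ] || { echo "MISMATCH timezone: expected UTC, got $tz"; rc=1; }
    return "$rc"
}

# Run the live checks only when asked to: sh verify.sh --run
if [ "${1:-}" = "--run" ]; then
    verify_host
fi
```

Save it as verify.sh (a file name chosen for this example) and run `sh verify.sh --run` as tladmin; an exit status of 0 means every checked value is in effect.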