Hi all !
Me and some colleagues spent many time trying to install Rancher in HA mode last months !
Firts we started trying with CentOS 7 and met many difficulties, with devicemapper (we configured direct-lvm mode instead of loop-lvm for Docker). This configuration was not the good one. Perhaps, the kernel version was not appropriated for docker.
Finally we adopted Debian 8. We have a 3.14 kernel version. With this kernel we have some troubles with docker and devicemapper with direct-lvm mode. If we have to delete racher-ha-cattle we faced some kernel error like that:
unregister_netdevice: waiting for lo to become free. Usage count = -1
After that, we was not sure about how good was our installation. So we continue with Debian 8, but with the 3.16 kernel, and the Docker 1.10.3 ! This new installation uses AUFS. So we didn’t tried the devicemapper with direct-lvm.
In our installation we also faced a bug of the rancher HA installer script. We have to put our certificate in the script as it’s described here:
Loadbalancer
To ansewer to @moensch we use Nginx as a loadbalancer. And it’s work.
upstream rancher {
ip_hash;
server xxx.xxx.xxx.xxx;
server xxx.xxx.xxx.xxx;
server xxx.xxx.xxx.xxx;
}
server {
listen 80; listen 443 ssl; server_name <<sub domain>>.<<domain>>.<<tld>>; ssl on; ssl_certificate /etc/rancher/ssl/cert.pem; ssl_certificate_key /etc/rancher/ssl/privkey.pem; ssl_trusted_certificate /etc/rancher/ssl/chain.pem;
ssl_session_cache shared:SSL:20m; ssl_session_timeout 10m;
ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
add_header Strict-Transport-Security "max-age=31536000";
access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log;
location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://rancher; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close. proxy_read_timeout 900s; }}
I spent time, and time with Haproxy. I will investigate more on it. Now Rancher is working.
a new error
I face a last error when I try to add a host that will be manage by Rancher. It’s the same trouble as it’s described here:
Our certificate is generated with Let’s Encrypt.
Our stack:
- Debian 8.5 (3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64 GNU/Linux)
- Docker 1.10.3
- Rancher Server 1.1.2
- Rancher Agent-instance v0.8.3
- Rancher Agent v1.0.2
Cheers