Matching up services and hosts with tags/labels

I’m trying to use Rancher to solve a very basic problem at the moment. I already have AWS autoscale groups that need specific stacks pushed to them. Ideally, I’d like to be able to tag a service group, say type=staging and also tag my servers when they autoscale through cloudformation with type=staging so that configured services know which nodes they are supposed to run on.

I understand how to set labels on the nodes when they boot up:

sudo docker run -e CATTLE_HOST_LABELS='type=staging'  -d --privileged -v \
/var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher \
rancher/agent:v1.2.1 https://try-api.rancher.com/v1/scripts/redacted:1483142400000:redacted\n"

However, it’s not obvious to me how I can set this label on my service. Any help would be appreciated, or if I’m going about it the wrong way, some architecture advice would be great.

Labels are a property of services that you can set in the UI or compose, which directly corresponds to labeled on native docker containers.

You don’t need to label both sides though; you can either:

  • Label hosts and put in scheduling rules that they must run on a host with label X

Or

  • Label containers and put “required container labels” on the host so that the host will only run containers with one or more matching labels (Rancher 1.5+).
1 Like

Thanks for the reply. Here’s what I did (just so other users have a concrete example).

In my docker compose, I set a label on the service of type: staging

version: '2'
services:
  web:
    image: repo/image:latest
    entrypoint:
    - pm2-docker
    - /home/code/process.yml
    - --only
    - web
    ports:
    - 80:3080/tcp
    - 443:3443/tcp
    labels:
      type: staging

As my nodes spin up, they acquire the tag type=label from a UserData (startup) script:

sudo docker run -e CATTLE_HOST_LABELS=\"type=staging\"  -d --privileged -v /var/run
/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.1 https://try-api.rancher.com/v1/scripts/<redacted>:<redacted>:<redacted>

I just found an inconsistency in how the label rules are followed:

Here is my node (you can see the label autoscale=staging):

Here is my services config (see type=staging):

So, seems to me that those services should not deploy to those nodes because the labels don’t match. Anyone care to comment on this and explain how I would limit to only properly labelled nodes?

You’re just labeling the hosts and services, but there is no particular relationship between those. That’s just two independent pieces of data, nothing is acting on it.

As I said above you need either to add a scheduling rule to make the service require a host with a certain label or add the service label to the list of labels the host(s) require. In either case you only need to label one side or the other, not both.

@vincent

Per your instructions:

Or

Label containers and put “required container labels” on the host so that the host will only run containers with one or more matching labels (Rancher 1.5+).

I labelled my containers via my docker-compose.yml file

version: '2'
services:
  web:
    image: repo/image:latest
    entrypoint:
    - pm2-docker
    - /home/code/process.yml
    - --only
    - web
    ports:
    - 80:3080/tcp
    - 443:3443/tcp
    labels:
      type: staging

And I labelled my hosts by adding it to the ranger/agent. If you don’t mind, could you provide an example or some steps that might assist me (and others) with a solution?

“required container labels” is not the same thing as “labels” on the host.

Thanks for the clarification. In my case, I need to be able to have the host come up with this as a requirement and without manual intervention. Is it possible to issue something when the host boots up to enforce this requirement?

sudo docker run -e CATTLE_HOST_LABELS='autoscale=docker'  -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.1 https://try-api.rancher.com/v1/scripts/<redacted>:<redacted>:<redacted>

The “require container label” value is itself a host label, io.rancher.scheduler.require_any=io.rancher.container.system, type=staging.

So you can do that with CATTLE_HOST_LABELS, it just has to be urlencoded correctly, which the custom Add Host screen can give you:

Well, now things are better and worse… This is pretty bizarre, but now my host seems to be spawning tons of containers…

Here is how I called the forced labels:

sudo docker run -e CATTLE_HOST_LABELS='io.rancher.scheduler.require_any=io.rancher.container.system%2Cautoscale%3Ddocker'  -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.1 https://try-api.rancher.com/v1/scripts/readacted\

Here is a screenshot of the Edit Host screen:

As you can probably see, I substituted type=staging for autoscale=docker to more accurately reflect my environment.

Did you delete the host before re-running the registration command? If you want to rerun registration just run the command again.

Deleting doesn’t do anything to the actual containers running on the host. If the host is then added back as a new host, all the existing containers are imported from it, and not tied to any previous service/stack. These are the ones that start with r-, as that is what the containers are actually named to docker.

I did delete the host before re-running the registration command. The other containers appear to be attempting to launch and then failing. When I issue:

docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
adventhp/cavo             latest              07e85d26e061        23 hours ago        2.513 GB
rancher/network-manager   v0.5.3              0f224908d730        37 hours ago        241.6 MB
rancher/metadata          v0.8.11             19b37bb3e242        2 weeks ago         251.5 MB
rancher/agent             v1.2.1              e0fe21271bed        2 weeks ago         233.7 MB
rancher/scheduler         v0.7.4              7a32d7571cad        3 weeks ago         241.9 MB
rancher/net               v0.9.4              5ac4ae5d7fa4        3 weeks ago         264.4 MB
rancher/network-manager   v0.4.8              45bdcd2b1944        3 weeks ago         241.6 MB
rancher/dns               v0.14.1             4e37fc4150c2        3 weeks ago         239.9 MB
rancher/healthcheck       v0.2.3              491349141109        8 weeks ago         383.3 MB
rancher/net               holder              bb516596ce5a        12 weeks ago        261.7 MB

docker ps

CONTAINER ID        IMAGE                            COMMAND                  CREATED             STATUS              PORTS
 NAMES
1ac7e1dd4e2c        adventhp/cavo:latest             "/.r/r pm2-docker /ho"   19 minutes ago      Up 19 minutes
 r-Docker-ocr-3-645e5370
e4f410959354        adventhp/cavo:latest             "/.r/r pm2-docker /ho"   19 minutes ago      Up 19 minutes
 r-Docker-ocr-2-fe774390
021f5d5c33b9        rancher/network-manager:v0.5.3   "/rancher-entrypoint."   8 hours ago         Up 8 hours
 r-network-services-network-manager-8-07772297
4b0611ad40ce        rancher/net:v0.9.4               "/rancher-entrypoint."   11 hours ago        Up 11 hours
 r-ipsec-ipsec-router-1-4388aa80
161843c46700        rancher/dns:v0.14.1              "/rancher-entrypoint."   11 hours ago        Up 11 hours
 r-network-services-metadata-dns-7-9bd280f6
5add41da7315        rancher/metadata:v0.8.11         "/rancher-entrypoint."   11 hours ago        Up 11 hours
 r-network-services-metadata-7-6e0c06d5
f8500326069d        rancher/healthcheck:v0.2.3       "/.r/r /rancher-entry"   11 hours ago        Up 11 hours
 r-healthcheck-healthcheck-10-6f6a867a
8612210f61f1        rancher/scheduler:v0.7.4         "/.r/r /rancher-entry"   11 hours ago        Up 11 hours
 r-scheduler-scheduler-1-eaa2b727
856bbf6a1fc1        rancher/net:holder               "/.r/r /rancher-entry"   11 hours ago        Up 11 hours
 r-ipsec-ipsec-1-2348495d
9128508d0758        rancher/net:v0.9.4               "/rancher-entrypoint."   11 hours ago        Up 11 hours
 r-ipsec-ipsec-cni-driver-1-d80c8e64
9519d74f2953        adventhp/cavo:latest             "/.r/r pm2-docker /ho"   11 hours ago        Up 11 hours
 r-Docker-web-1-2846d616
2d6e07423e1f        adventhp/cavo:latest             "/.r/r pm2-docker /ho"   11 hours ago        Up 11 hours
 r-Docker-ocr-1-140b1800
374104677d31        adventhp/cavo:latest             "/.r/r pm2-docker /ho"   11 hours ago        Up 11 hours
 r-Docker-edi-1-d91d172d
a5b3e25699e5        adventhp/cavo:latest             "/.r/r pm2-docker /ho"   11 hours ago        Up 11 hours
 r-Docker-email-1-2eea4544
5f9a922840cc        rancher/agent:v1.2.1             "/run.sh run"            11 hours ago        Up 11 hours

I see a nice consolidated list of what is running on the host. Why does rancher show so many artifacts? Is there a way to reduce the clutter?