From operating system to Docker

In this phase, you'll install Docker and prepare the rest of the machine for the TeskaLabs LogMan.io installation.

If you've skipped the bare metal installation and are installing on a virtual server, pay attention to the prerequisites.

Prerequisites

  • A running server with an installed operating system.
  • Access to the server over SSH as the user tladmin, who has permission to execute sudo.
  • Slow storage mounted at /data/hdd.
  • Fast storage mounted at /data/ssd.

Timezone UTC

The timezone of the operating system for TeskaLabs LogMan.io MUST be set to UTC.
If the timezone is not already set to UTC, run the following command to configure it:

sudo timedatectl set-timezone UTC

Steps

1) Log in to the server over SSH as the user tladmin

ssh tladmin@<ip-of-the-server>

2) Configure SSH access

Install the public SSH key(s) for the tladmin user:

cat > /home/tladmin/.ssh/authorized_keys

Restrict the access:

sudo vi /etc/ssh/sshd_config

Set the following options in /etc/ssh/sshd_config:

  • PermitRootLogin to no
  • PubkeyAuthentication to yes
  • PasswordAuthentication to no

Remove the default configuration:

sudo rm /etc/ssh/sshd_config.d/50-cloud-init.conf
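
Why the drop-in has to go, shown as an added example (not part of the LogMan.io documentation): sshd uses the first value it reads for a keyword, so a drop-in included before the settings in the main file overrides them. The files are constructed in a temporary directory and assume the Include line sits at the top of sshd_config and that the drop-in sets PasswordAuthentication yes.

```shell
#!/bin/sh
# Added example (not from the LogMan.io docs). Simplified model of how sshd
# reads its configuration: Include lines are expanded in place and the FIRST
# value found for a keyword wins. Match blocks and quoting are not modelled.

flatten() {                      # $1 = config file; prints lines in read order
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            [Ii]nclude\ *)
                for inc in ${line#* }; do       # glob expands in sorted order
                    if [ -f "$inc" ]; then flatten "$inc"; fi
                done ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

effective_value() {              # $1 = keyword, $2 = main config file
    flatten "$2" | awk -v key="$1" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { in_match = 1 }
        !in_match && !seen && tolower($1) == tolower(key) { val = $2; seen = 1 }
        END { if (seen) print val; exit !seen }'
}

check_sshd_hardening() {         # $1 = main config file; 0 only if all three hold
    rc=0
    for want in PermitRootLogin=no PubkeyAuthentication=yes PasswordAuthentication=no; do
        got=$(effective_value "${want%%=*}" "$1") || got="(unset)"
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL ${want%%=*}: effective value is $got"; rc=1
        fi
    done
    return $rc
}

make_sample() {                  # constructed files; prints the directory path
    d=$(mktemp -d) && mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-cloud-init.conf"
    printf '%s\n' "Include $d/sshd_config.d/*.conf" 'PermitRootLogin no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$d/sshd_config"
    echo "$d"
}

dir=$(make_sample)
check_sshd_hardening "$dir/sshd_config" || echo "drop-in overrides the main file"
rm "$dir/sshd_config.d/50-cloud-init.conf"
check_sshd_hardening "$dir/sshd_config" && echo "hardened settings are effective"
rm -r "$dir"
```

On the server itself, `sudo sshd -T` prints the configuration sshd will actually use, which is the authoritative check after editing.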

3) Configure network

Remove the default cloud-init configuration:

sudo rm /etc/netplan/50-cloud-init.yaml

Create a new Netplan configuration:

sudo vi /etc/netplan/netplan.yaml

Tip

See the Networking chapter for more details on how to configure a network properly.

Apply the new network configuration:

sudo netplan apply

4) Configure Linux kernel parameters

Write the following content into the file /etc/sysctl.d/01-logman-io.conf:

vm.max_map_count=262144
net.ipv4.ip_unprivileged_port_start=80
fs.inotify.max_user_instances=1024
fs.inotify.max_user_watches=1048576
fs.inotify.max_queued_events=16384

The parameter vm.max_map_count increases the maximum number of mmaps in the virtual memory subsystem of Linux. It is needed for Elasticsearch.

The parameter net.ipv4.ip_unprivileged_port_start enables unprivileged processes to listen on port 80 (and higher). This allows NGINX to listen on this port without requiring elevated privileges.

5) Install Docker

Docker is necessary for the deployment of all LogMan.io microservices in containers, namely Apache Kafka, Elasticsearch, NGINX, individual streaming pumps, etc.

Create the dockerlv logical volume with an EXT4 filesystem:

sudo lvcreate -L100G -n dockerlv systemvg
sudo mkfs.ext4 -L docker-ssd /dev/systemvg/dockerlv
sudo mkdir /var/lib/docker

Add the following line to /etc/fstab:

/dev/disk/by-label/docker-ssd   /var/lib/docker ext4 defaults,noatime 0 1

Mount the volume:

sudo mount /var/lib/docker

Install the Docker package:

sudo apt-get install ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker tladmin

Re-login to the server to apply the group change.

6) Disable Docker bridge network

Docker creates a bridge network (docker0) by default, which is not needed for TeskaLabs LogMan.io. The following configuration disables the default Docker bridge network.

Create the file /etc/docker/daemon.json with the following content:

{
    "bridge": "none"
}

7) Install Wireguard

Wireguard is a fast and the most secure VPN technology. TeskaLabs LogMan.io utilizes Wireguard for internal communication within the cluster.

The Wireguard network IP range is 192.0.2.0/24. Each cluster node gets one IP address from this range: the first node gets 192.0.2.1, the second 192.0.2.2, and so on.

What is the subnet 192.0.2.0/24?

The whole 192.0.2.0/24 block is defined in RFC 5737 as the TEST-NET-1 subnet. Its use internally within TeskaLabs LogMan.io minimizes the chance of a conflict with an existing private IP range in the network. You can use any other private network based on your needs and requirements.

sudo apt install wireguard
sudo su -
cd /etc/wireguard/
umask 077
wg genkey > wg0.key
wg pubkey < wg0.key > wg0.pub

Create /etc/wireguard/wg0.conf with the following content. Adjust the [Peer] sections to reflect your cluster layout. If you are installing a single-node variant, only one [Peer] section will be present. On each node, configure the [Interface] section with the private key and IP address of that node.

[Interface]
PrivateKey = <content of the wg0.key file>
ListenPort = 41194
Address = 192.0.2.1/24
MTU = 1412

[Peer]
# The first node
PublicKey = <content of the wg0.pub file>
Endpoint = <IP address of the first node lm1>:41194
AllowedIPs = 192.0.2.1/32
PersistentKeepalive = 60

[Peer]
# The second node
PublicKey = <content of the wg0.pub file from lm2 node>
Endpoint = <IP address of the second node lm2>:41194
AllowedIPs = 192.0.2.2/32
PersistentKeepalive = 60

[Peer]
# The third or any other node
PublicKey = <content of the wg0.pub file from lm3 node>
Endpoint = <IP address of the lm3 node>:41194
AllowedIPs = 192.0.2.3/32
PersistentKeepalive = 60

Start the Wireguard interface and enable it at boot:

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0.service
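
A lint for a wg0.conf written from the template above, as an added example that is not part of the LogMan.io documentation. The checks follow the page's conventions (file readable by the owner only, as with umask 077; one /32 in AllowedIPs per peer; no placeholder left in place); the function names, dummy keys and 198.51.100.x endpoints are constructed for illustration.

```shell
# Added example, not part of the LogMan.io documentation.
# check_wg_conf <file>: lint a wg0.conf written from the template above.
check_wg_conf() {
    rc=0
    case $(ls -ld "$1") in          # the file embeds the private key
        -r?-------*) ;;
        *) echo "FAIL: $1 is accessible to group or others"; rc=1 ;;
    esac
    awk '
        function fail(msg) { print "FAIL: line " NR ": " msg; bad = 1 }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == ""   { next }
        /^\[.*\]$/ { sect = $0; next }
        {   i = index($0, "=")      # base64 ends in "=", so split on the first one
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v) }
        v ~ /</ { fail(k " still holds a template placeholder"); next }
        k ~ /Key$/ && (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$") {
            fail(k " is not a base64-encoded 32-byte key") }
        sect == "[Peer]" && k == "PublicKey" && seen[v]++ { fail("peer key used twice") }
        sect == "[Peer]" && k == "AllowedIPs" {
            if (v !~ "/32$") fail("AllowedIPs " v " is not a single /32 address")
            if (seen[v]++)   fail("AllowedIPs " v " is assigned to two peers") }
        END { exit bad + 0 }
    ' "$1" || rc=1
    return $rc
}

sample_conf() {     # constructed config; keys are dummy strings, IPs are TEST-NET
    f=$(mktemp) && cat > "$f" <<EOF
[Interface]
PrivateKey = $(printf '%043d=' 9)
ListenPort = 41194
Address = 192.0.2.1/24
[Peer]
PublicKey = $(printf '%043d=' 1)
Endpoint = 198.51.100.1:41194
AllowedIPs = 192.0.2.1/32
[Peer]
PublicKey = <content of the wg0.pub file from lm2 node>
Endpoint = 198.51.100.2:41194
AllowedIPs = 192.0.2.0/24
EOF
    echo "$f"
}

f=$(sample_conf); check_wg_conf "$f" || echo "fix the findings before wg-quick up"
rm -f "$f"
```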

8) Configure hostname resolution (optional)

The TeskaLabs LogMan.io cluster requires that each node can resolve the IP address of any other cluster node from its hostname. If the configured DNS server doesn't provide this ability, node names and their IP addresses have to be inserted into /etc/hosts.

sudo vi /etc/hosts

Example of /etc/hosts:

192.0.2.1 lm1
192.0.2.2 lm2
192.0.2.3 lm3

Note that the IP addresses are taken from the Wireguard range.

Use these IP addresses when setting up LogMan.io in the next steps.

9) Reboot the server

sudo reboot

The reboot is important to apply all of the configuration above.