Portainer – GUI Docker Management

Portainer is an open-source service that can be used to centrally manage Docker containers from a single web UI. This is done by exposing the Docker API on each machine, which Portainer connects to over TLS. More info on Portainer can be found here.

Installation:

The service installation is quite simple. Create a directory where you would like the service to be located and download the necessary executable file.

mkdir -p /portainer
cd /portainer
wget https://github.com/portainer/portainer/releases/download/1.23.2/portainer-1.23.2-linux-amd64.tar.gz
tar -xvf portainer-1.23.2-linux-amd64.tar.gz
rm -rf portainer-1.23.2-linux-amd64.tar.gz
nohup ./portainer -p :8000 --data "${PWD}/data" --template-file "${PWD}/templates.json" --ssl --sslcert cert.crt --sslkey key.pem >> nohup.out &
  • The p argument starts Portainer on the specified port
  • The data argument saves the Portainer data in the specified directory
  • For the template-file argument you can find further information here
  • The ssl argument starts Portainer with TLS, using the certificate and key given with sslcert and sslkey
  • You can now access Portainer from your web browser.

Expose Docker API on client machines:

The client machines would need to have docker-ce installed in order to expose the necessary API. You can use the following commands to install docker-ce if needed.

yum -y remove docker \
       docker-client \
       docker-client-latest \
       docker-common \
       docker-latest \
       docker-latest-logrotate \
       docker-logrotate \
       docker-engine

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce

After the service is installed, create a drop-in directory for the docker service in /etc/systemd/system and configure dockerd with the necessary options and SSL certificates for TLS exposure. Make sure that the hostname in ExecStart is the client itself.

mkdir -p /etc/systemd/system/docker.service.d/
nano /etc/systemd/system/docker.service.d/docker.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://*hostname*:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert=cert.crt --tlscert=cert.crt --tlskey=key.pem

systemctl daemon-reload
service docker restart
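
A check for the drop-in described above, as an added example that is not part of the original post: it reads the effective ExecStart line and reports whether a tcp:// listener is protected by --tlsverify with explicit CA, certificate and key paths. The function names, the node1 hostname and the /etc/docker/tls paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a dockerd systemd drop-in.
# audit_dockerd_dropin is a hypothetical helper; it prints one verdict word.
audit_dockerd_dropin() {
    # An empty "ExecStart=" only resets the list; the last non-empty one is effective.
    line=$(grep -E '^ExecStart=.+' "$1" | tail -n 1)
    [ -n "$line" ] || { echo "no-execstart"; return 2; }

    # Without a tcp:// listener the API is only reachable through the local socket.
    case "$line" in
        *tcp://*) ;;
        *) echo "ok-socket-only"; return 0 ;;
    esac

    # --tlsverify makes dockerd demand a client certificate signed by --tlscacert;
    # --tls alone encrypts the connection but accepts any client.
    case " $line " in
        *" --tlsverify "*|*" --tlsverify=true "*) ;;
        *) echo "missing:--tlsverify"; return 1 ;;
    esac

    for flag in --tlscacert --tlscert --tlskey; do
        # Extract VALUE from --flag=VALUE, the form used in the post.
        value=$(printf '%s\n' "$line" | tr ' ' '\n' | sed -n "s/^$flag=//p" | tail -n 1)
        [ -n "$value" ] || { echo "missing:$flag"; return 1; }
        # systemd runs system services with / as the working directory unless
        # WorkingDirectory= is set, so a relative path is resolved from /.
        case "$value" in
            /*) ;;
            *) echo "relative-path:$flag"; return 1 ;;
        esac
    done
    echo "ok-tls"
}

# Constructed sample: the post's drop-in with placeholder absolute paths.
sample_dropin() {
    printf '%s\n' '[Service]' 'ExecStart=' \
      'ExecStart=/usr/bin/dockerd -H tcp://node1:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert=/etc/docker/tls/ca.crt --tlscert=/etc/docker/tls/cert.crt --tlskey=/etc/docker/tls/key.pem'
}

tmp=$(mktemp); sample_dropin > "$tmp"
audit_dockerd_dropin "$tmp"    # prints ok-tls
rm -f "$tmp"
```

On a client machine, call it with the real file: audit_dockerd_dropin /etc/systemd/system/docker.service.d/docker.conf.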

Adding client endpoints on Portainer

When logged in, you will see a left-side menu. Go to the Endpoint menu, Add endpoint, and you will have the choice to select a Docker endpoint as a way for portainer to collect and gain access to the docker information on that specific machine.

  • The Name can be set to whatever you require to identify the node (e.g. node1)
  • Endpoint URL should be either the client machine IP or the FQDN, together with the Docker API port as explained above (e.g. node1.mintopsblog.local:2376)
  • If the Docker API is set up with TLS, you would need to enable the TLS option, select TLS with server and client verification and then select the necessary TLS files for Portainer to verify with the client.
  • Group can remain Unassigned, but you can create Groups later to organize the Docker endpoints


LDAP Authentication

When logged in, you will see a left-side menu. Go to the Settings menu, select Authentication and choose LDAP from the top selection.

You would need to specify the following for it to work.

  • LDAP Server (e.g. ldap.mintopsblog.local:389)
  • Reader DN (e.g. CN=LDAP,OU=Users,DC=mintopsblog,DC=local)
  • Password (this needs to be the user password of the Reader DN)
    • Test Connectivity to see that Portainer can read the AD
  • You can also specify user searches based on filters. Here is an example:
    • Base DN (e.g. DC=mintopsblog,DC=local)
    • Username attribute (e.g. sAMAccountName)
    • Filter (e.g. (memberOf=CN=Portainer,OU=Groups,DC=mintopsblog,DC=local))
  • For a user to log in, you would need to go to the Users menu and add the specific user.

Hope this guide helps you out. If you have any difficulties, don’t hesitate to post a comment. Also, feel free to point out any needed improvements or mistakes in the guides.
