An interactive guide to deploying Mender Server stack on DigitalOcean using Rancher

What is Mender?

Mender is an open source remote software updater for embedded Linux devices. It enables the management of software updates to connected devices remotely, whether over-the-air or over any TCP/IP network. You can deploy an image-based update from the Mender Server to your connected device or devices.

Rancher Container Management Platform

As you can see in the “Mender Server Containers Graph”, Mender Server consists of several containers. Maintaining a cluster of hosts running all Mender containers can be hard; Rancher makes this easy.

Prerequisites

To complete this tutorial you must have the following:

DigitalOcean account to create droplets and volumes
Amazon AWS account to create an S3 bucket for storing Mender artifacts

Monthly Costs Estimation

There are several costs involved in running a production-ready Mender Server on DigitalOcean. The table below describes the monthly costs on DigitalOcean to keep a Mender Server instance up and running in a production environment.

DigitalOcean monthly costs estimation

Item 1: 1x Droplet instance of 2GB RAM for Rancher Server
Item 2: 4x Droplet instances of 1GB RAM for Mender services
Item 3: 5x volume of 10GB to persist database data of Mender services
Item 4: 1x DigitalOcean load balancer instance

Step 1 — Create Rancher Server Droplet

First, we need to create the Rancher Server Droplet. Rancher Server will take care of creating and orchestrating the Mender infrastructure in your cluster.

Go to your DigitalOcean dashboard and create a new team called Mender. Switch to the Mender team and create a new Droplet with the following configuration:

Rancher Server Droplet configuration

Distribution: Ubuntu 16.04 x64
Size: $20/mo
Datacenter region: New York 1
Add your public SSH key if you have one
Set the hostname to “rancher-server”

Step 2 — Start Rancher Server

After the Rancher Server Droplet has been provisioned, you must log in to it to start Rancher Server.

Go to your DigitalOcean dashboard and copy the IP address of the Rancher Server Droplet.

Now, connect to the Rancher Server Droplet by running the following command in your computer’s terminal:

    $ ssh root@<RANCHER_SERVER_IP>

NOTE: Replace <RANCHER_SERVER_IP> with the IP address of the Rancher Server Droplet.

Once connected over SSH, run the following commands to start Rancher Server:

    $ curl https://releases.rancher.com/install-docker/17.03.sh | sh
    $ docker run -d --restart=unless-stopped \
        -p 8080:8080 \
        rancher/server:stable

It will only take a couple of minutes for Rancher Server to start up. The Rancher Server UI is exposed on port 8080, so in order to view the UI, go to http://<RANCHER_SERVER_IP>:8080

Step 3 — Configure Rancher Server

By default, Rancher Server comes with no Access Control enabled, which means anyone on the internet can access the Rancher Server UI. It is recommended to configure Access Control soon after launching Rancher Server.

In the Admin tab, click Access Control.
Select the Local icon.
Create an admin user by providing the Login Username, Full Name, and Password.
Click Enable Local Auth to turn on local authentication.

Step 4 — Add Rancher Hosts

To add Rancher Hosts, access the Rancher Server UI and click Infrastructure, which will immediately bring you to the Hosts page. Click Add Host. Rancher will prompt you to select a host registration URL. This URL is where Rancher Server is running and must be reachable from all the hosts that you will be adding. Just click Save.

By default, the Custom option will be selected. Select the DigitalOcean icon, enter your DigitalOcean Access Token and click Configure Droplet.

You can generate a DigitalOcean Access Token in the Applications & API section of the control panel.

On the next page, set the following configuration for the hosts:

Rancher Host configuration

Name: host-
Quantity: 4
Region: New York 1
Labels: mender
Docker Install URL: v17.03.x (Advanced Options)

Leave all other options at their default values. Click Create and wait while Rancher provisions the hosts for you.

Step 5 — Install Mender Catalog for Rancher

Mender Catalog for Rancher provides templates that make it easy to deploy the Mender Server stack.

(Figure: Templates of Mender Catalog for Rancher)

In Rancher Server UI, go to Admin/Settings and add a new custom catalog:

Name: Mender
URL: https://github.com/gustavosbarreto/mender-rancher.git
Branch: master

Step 6 — Generate certificates and keys

Please see the Generating new keys and certificates section of the Mender documentation website for generating certificates and keys.

Certificates and keys | Mender documentation (docs.mender.io)

Step 7 — Deploy Mender Server Stack

In this step, we will deploy a Mender Server stack across the Rancher Hosts you created in Step 4.

Add Mender Server certificate

Mender uses secure client-server communication through HTTPS. In order to enable HTTPS in the Rancher Load Balancer, you need to upload both the private key and certificate files.

In Rancher Server UI, go to the Infrastructure/Certificates page. To add a new certificate click Add Certificate.

Provide a Name and Description for the certificate. If you have generated the certificate following the instructions from Step 6, you have to upload _keys-generated/certs/api-gateway/private.key_ as Private Key and _keys-generated/certs/api-gateway/cert.crt_ as Certificate.

Install Docker volume plugin for DigitalOcean Block Storage

To enable persistent storage for all MongoDB instances of Mender Server, we need to install the Docker volume plugin for DigitalOcean Block Storage. The Mender Catalog for Rancher also provides an infrastructure template to install this plugin on all Rancher Hosts.

In Rancher Server UI, go to Catalog/Mender and select REX-Ray DigitalOcean Driver. On the next page, enter the following configuration:

Your DigitalOcean Access Token
DigitalOcean default volume size: 10

Add Mender Server Stack

In Rancher Server UI, go to Catalog/Mender and select Mender Server. On the next page, enter the following configuration:

Mender Stack configuration

Scale: 4
Database volume driver: Leave default value unless you know what you are doing.
API Gateway Certificate: Select the Mender Server certificate you have added previously.
User Administration Key: Paste the contents of the keys-generated/keys/useradm/private.key file.
Device Authentication Key: Paste the contents of the keys-generated/keys/deviceauth/private.key file.
S3 Access Key: Your AWS Access Key.
S3 Secret Key: Your AWS Secret Key.
S3 Bucket: S3 bucket name where the uploaded Mender artifacts will be stored and served from.
S3 URI: Leave default value if you want to use S3 from AWS (recommended).

To create your AWS access and secret key, see Managing Access Keys for your AWS Account on the AWS Documentation website.

Step 8 — Setup DigitalOcean Load Balancer

In the DigitalOcean control panel, go to the Load Balancers page by selecting Networking from the top navigation bar, then clicking Load Balancers. This will take us to the Load Balancers page. Click Create Load Balancer. On the Create Load Balancer page:

Load Balancer configuration

Give a Name to the Load Balancer.
In Add Droplets, search for the “mender” tag.
Select NYC1 as Region.
Add HTTPS forwarding rule

Leave all other options at their default values and click Create Load Balancer.

Once the Load Balancer is created, its IP address will appear automatically on the Load Balancers overview page. Copy the IP address and simply open it in your web browser.

The first time you access the UI, you will be asked to create the initial user. Simply input your email and desired password as shown below:

(Figure: Mender initial screen)

Backup

The Mender Catalog for Rancher also provides a template for Rancher Backup Agent, which enables you to back up your Mender Server stack.

In Rancher Server UI, go to Catalog/Mender and select Mender Backup Agent. On the next page, enter the following configuration:

S3 Access Key: Your AWS Access Key.
S3 Secret Key: Your AWS Secret Key.
S3 Bucket: S3 bucket name where backup artifacts will be uploaded.
S3 URI: Leave default value if you want to use S3 from AWS (recommended).
Backup Time: The default value is once a day at 00:00h. Use crontab syntax to change backup time.

That’s It

Feel free to browse and contribute to Mender Catalog for Rancher.

_mender-rancher — Rancher template for Mender platform_ (github.com/gustavosbarreto/mender-rancher)
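
Step 2 pipes the Docker install script from the network straight into sh as root. The script below is an added example, not part of the original guide: it downloads the installer to a file, compares its SHA-256 with a digest you pinned after reviewing the script, and executes it only on a match. EXPECTED_SHA256, the --install switch and the function names are assumptions of this example; the guide publishes no digest.

```shell
#!/bin/sh
# Added example: verify the Docker install script from Step 2 before running it.
INSTALL_URL="https://releases.rancher.com/install-docker/17.03.sh"  # URL from Step 2

# Print the lowercase hex SHA-256 of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# run_verified FILE EXPECTED_SHA256
# Executes FILE with sh only if its digest matches; returns 1 otherwise.
run_verified() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not a 64-character hex digest (for example an
    # empty value or an unfilled placeholder) so it can never "match".
    case "$expected" in
        ""|*[!0-9a-f]*) echo "refusing: no valid pinned digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "refusing: digest must be 64 hex chars" >&2; return 1; }
    actual=$(file_sha256 "$file") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    sh "$file"
}

# On the Droplet: EXPECTED_SHA256=<digest you pinned> sh this-script.sh --install
# EXPECTED_SHA256 is a placeholder you supply; nothing runs without it.
if [ "${1:-}" = "--install" ]; then
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL "$INSTALL_URL" -o "$tmp" || exit 1
    run_verified "$tmp" "${EXPECTED_SHA256:-}" || exit 1
fi
```

Pin the digest from a copy of the script you have read, and re-review whenever the upstream file changes and the check starts failing.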