Finally 100% Rancher!

I was in Portland at Write the Docs this summer with my coworkers where I gave a lightning talk, mostly about my research but partly describing the value of technical writing skills when writing a thesis. Offstage I bumped into Sharon Campbell, Editorial Manager at DigitalOcean. I told her how happy I was to be a customer of DO and asked if she could recommend an orchestration platform for Docker that wasn’t quite as intense as Kubernetes, and she pointed me at Rancher.

Rancher is just my speed. At its simplest, it is a collection of environments, each of which is a collection of stacks, each of which is effectively a collection of Docker containers and volumes defined by a docker-compose.yml file. This is the level at which I operate – three to five containers per stack, all working directly together. How hard could it be to Docker all the things?

So first I did an audit of all the things we as a family have in the cloud. I came up with two Django apps, a Minecraft server, mail for a bunch of domains, three static websites and a couple of blogs. Wow! The most important Django app (pyment) had already been Dockerified during development, so that was relatively easy to move. The static websites and blogs were also simple. Minecraft looked hard at first but turned out to be one of the simplest changes. Mail was a little exciting as previously I’d been using Mail-in-a-Box which was nice but not quite right for me. I loved the LetsEncrypt support but chafed under the static site constraints.

For mail, was what I eventually chose as a replacement – no webmail, but everything else was great. I decided that I needed to LetsEncrypt as much as possible so I found which was perfect for my needs. I use this code to proxy both my Rancher server and the private Docker registry I set up to host my growing collection of containers. Within Rancher’s orchestration, I found a catalog entry which did the same kind of LE proxy for Rancher stacks at – this is the cornerstone of all my secured content. The static sites and blogs were trivial to set up with HTTPS using this catalog entry. The Django apps were the last to move due to their complexity. I updated them from Python 2.7 and Django 1.7 to Python 3.5 and Django 1.10 before migrating them to the new platform, with the last app moving this afternoon.

I needed some additional tools to support this new design. Rancher has an external-dns tool which works with AWS’s Route 53 and others to dynamically update DNS based on stacks and containers, but it didn’t support DO’s DNS API so I fixed that. My PR isn’t quite ready for prime time, but it does everything I need it to do right now. It’s on the list of things to get cleaned up eventually! I also had to come up with a backup strategy. I’m not entirely satisfied with my tool but it works well on files and just needs database support to be complete.

I’m almost done backing up the old server. Once that’s complete, I’m going to shut it down for a week and make sure that all is well. If so, I’ll decommission the old droplet and build a test cluster for Rancher 1.2, which just came out last week. Never a dull moment!