Rancher Server is able to run without internet, but the web browser accessing the UI will need access to the private network. Rancher can be configured with either a private registry or with a HTTP proxy.
When launching Rancher server with no internet access, there will be a couple of features that will no longer work properly.
docker-machine
to create hosts in the cloud providers, this functionality will not work. You will add custom hosts to your Rancher setup.It is assumed you either have your own private registry or other means of distributing docker images to your machine. If you need help with creating a private registry, please refer to the Docker documentation for private registries.
It is very important that all images (i.e. rancher/server, rancher/agent, rancher/agent-instance) are distributed before attempting to install/upgrade Rancher Server. If these versions are not available in your private registry, Rancher Server will become unstable.
For each release of Rancher server, the corresponding Rancher agent and Rancher agent instance versions will be available in the release notes.
Commands to Push Images to Private Registry
These examples are for the v1.0.1 release using a machine that has access to both DockerHub and your private registry. We recommend tagging the version of the images in your private registry as the same version.
# rancher/server
$ docker pull rancher/server:v1.0.1
$ docker tag rancher/server:v1.0.1 localhost:5000/<NAME_OF_LOCAL_RANCHER_SERVER_IMAGE>:v1.0.1
$ docker push localhost:5000/<NAME_OF_LOCAL_RANCHER_SERVER_IMAGE>:v1.0.1
# rancher/agent
$ docker pull rancher/agent:v1.0.1
$ docker tag rancher/agent:v1.0.1 localhost:5000/<NAME_OF_LOCAL_RANCHER_AGENT_IMAGE>:v1.0.1
$ docker push localhost:5000/<NAME_OF_LOCAL_RANCHER_AGENT_IMAGE>:v1.0.1
# rancher/agent-instance
$ docker pull rancher/agent-instance:v0.8.1
$ docker tag rancher/agent-instance:v0.8.1 localhost:5000/<NAME_OF_LOCAL_RANCHER_AGENT_INSTANCE_IMAGE>:v0.8.1
$ docker push localhost:5000/<NAME_OF_LOCAL_RANCHER_AGENT_INSTANCE_IMAGE>:v0.8.1
On your machine, start Rancher server to use the specific Rancher images. We recommend using specific version tags instead of the latest
tag to ensure you are working with the correct versions.
Example:
$ sudo docker run -d --restart=unless-stopped -p 8080:8080 \
-e CATTLE_BOOTSTRAP_REQUIRED_IMAGE=<Private_Registry_Domain>:5000/<NAME_OF_LOCAL_RANCHER_AGENT_IMAGE>:v1.0.1 \
-e CATTLE_AGENT_INSTANCE_IMAGE=<Private_Registry_Domain>:5000/<NAME_OF_LOCAL_RANCHER_AGENT_INSTANCE_IMAGE>:v0.8.1 \
<Private_Registry_Domain>:5000/<NAME_OF_LOCAL_RANCHER_SERVER_IMAGE>:v1.0.1
The UI and API will be available on the exposed port 8080
. You can access the UI by going to the following URL: http://<SERVER_IP>:8080
.
After accessing the UI, click on the Add Host button. This will immediately bring you to the Host Registration page. Click Save.
The cloud providers will not work as Rancher uses docker-machine
to provision the hosts through the cloud providers. Click on the Custom icon to add the host.
The command from the UI will be configured to use the private registry image for the Rancher agent.
$ sudo docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock <Private_Registry_Domain>:5000/<NAME_OF_LOCAL_RANCHER_AGENT_IMAGE>:v1.0.1 http://<SERVER_IP>:8080/v1/scripts/<security_credentials>
Reminder, in this setup, the web browser accessing the UI will need access only the private network.
In order to set up a HTTP proxy, the Docker daemon will need to be modified to point to the proxy for Rancher server and Rancher hosts. Before launching Rancher server or Rancher agents, edit the /etc/default/docker
file to point to your proxy and restart Docker.
$ sudo vi /etc/default/docker
In the file, edit the #export http_proxy="http://127.0.0.1:3128/"
to have it point to your proxy. Save your changes and then restart docker. Restarting Docker is different on every OS.
Note: If you are running Docker with systemd, please follow Docker’s instructions on how to configure the HTTP proxy.
Rancher server does not need to be launched using any environment variables when using a proxy. Therefore, the command to start Rancher server will be the same as a regular installation.
sudo docker run -d --restart=unless-stopped -p 8080:8080 rancher/server
The UI and API will be available on the exposed port 8080
. You can access the UI by going to the following URL: http://<SERVER_IP>:8080
.
After accessing the UI, you can click on the Add Host button. This will immediately bring you to the Host Registration page. Click Save.
The cloud providers will not work as Rancher uses docker-machine
to provision the hosts through the cloud providers. Click on the Custom icon to add the host.
The command from the UI can be used on any machine that has Docker configured to use HTTP proxy.