# Phase 6: Multi-Host Docker Management with Portainer ## Overview **Goal:** Unified container management dashboard for Unraid Docker. | Component | Role | |-----------|------| | Portainer CE | Management hub (runs on Unraid) | | Unraid Docker | Local host via Unix socket | > **Note:** MikroTik RouterOS containers cannot be managed via Portainer - see [Limitation](#mikrotik-limitation) section. --- ## Phase 6.1: Unraid Server Setup ✅ COMPLETED **Goal:** Install and configure the Portainer controller. ### Tasks - [x] Install Portainer CE container via Docker CLI - [x] Configure container settings: - Network Type: **Bridge** - Port Mapping: Container **9000** → Host **9002** (changed due to Authentik conflict) - Port Mapping: Container **9443** → Host **9444** - Path Mappings: - Host `/var/run/docker.sock` → Container `/var/run/docker.sock` - Host `/mnt/user/appdata/portainer` → Container `/data` - [x] Add Unraid labels (`net.unraid.docker.managed`, `net.unraid.docker.icon`) - [x] Add Tailscale labels (`tailscale.expose`, `tailscale.host`, `tailscale.port`) - [x] Start container - [x] Initialize Portainer via web UI ### Container Configuration ```bash docker run -d \ --name=portainer \ --restart=unless-stopped \ -p 9002:9000 \ -p 9444:9443 \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /mnt/user/appdata/portainer:/data \ --label 'net.unraid.docker.managed=dockerman' \ --label 'net.unraid.docker.icon=https://raw.githubusercontent.com/lllllllillllllillll/Dashboard-Icons/main/png/portainer.png' \ --label 'net.unraid.docker.webui=http://100.100.208.70:9002' \ --label 'tailscale.expose=true' \ --label 'tailscale.host=100.100.208.70' \ --label 'tailscale.port=9002' \ portainer/portainer-ce:latest ``` ### Access URLs - LAN: `http://192.168.31.2:9002` - Tailscale: `http://100.100.208.70:9002` - HTTPS LAN: `https://192.168.31.2:9444` - HTTPS Tailscale: `https://100.100.208.70:9444` ### Verification - [x] Portainer container running - [x] Portainer UI accessible - [x] Local Unraid environment connected --- ## Phase 6.2 & 6.3: MikroTik Integration ❌ NOT FEASIBLE ### MikroTik Limitation **MikroTik RouterOS does not use Docker.** It has its own proprietary container runtime that: - Does NOT have a Docker daemon - Does NOT expose `/var/run/docker.sock` - Does NOT support Docker API - Can ONLY be managed via RouterOS CLI/API ### What Was Attempted 1. Created veth interface (`veth-socat` at 172.17.0.5) 2. Added bridge port to `docker-bridge` 3. Created mount for `/var/run/docker.sock` 4. Deployed `alpine/socat` container 5. Added firewall and NAT rules ### Why It Failed ``` socat[2] E connect(, AF=1 "/var/run/docker.sock", 22): No such file or directory ``` The socket doesn't exist because MikroTik's container system is not Docker-based. ### Cleanup Performed All MikroTik changes were reverted: - Removed socat container - Removed veth-socat interface - Removed docker_sock mount - Removed firewall/NAT rules --- ## MikroTik Container Management Alternatives Since Portainer cannot connect to MikroTik, use these methods instead: ### 1. RouterOS CLI (SSH) ```bash # From Unraid ssh -i /root/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1 # List containers /container/print # Start/stop containers /container/start 0 /container/stop 0 # View logs /log/print where topics~"container" ``` ### 2. WinBox/WebFig Access MikroTik web interface at `http://192.168.31.1` to manage containers via GUI. ### 3. RouterOS REST API MikroTik RouterOS 7+ has a REST API that can be used for automation: ``` GET https://192.168.31.1/rest/container ``` --- ## Current Status Summary | Component | Status | Access | |-----------|--------|--------| | Portainer (Unraid) | ✅ Running | http://100.100.208.70:9002 | | Unraid Docker | ✅ Connected | Via Portainer | | MikroTik Containers | ⚠️ Separate | Via RouterOS CLI | --- ## Rollback Plan If Portainer issues occur: ```bash docker stop portainer && docker rm portainer ``` --- ## Related Documents - [00-CURRENT-STATE.md](./00-CURRENT-STATE.md) - Infrastructure overview