jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
01e85196395e461c8dec70ed7fd864eb86bcbfe1
infrastructure/docs/06-PHASE6-PORTAINER-MANAGEMENT.md
jazzymc 62a6267026
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
Add infrastructure documentation
2026-01-18 16:57:25 +02:00

160 lines
4.0 KiB
Markdown
Raw Blame History

# Phase 6: Multi-Host Docker Management with Portainer
## Overview
**Goal:** Unified container management dashboard for Unraid Docker.
| Component | Role |
|-----------|------|
| Portainer CE | Management hub (runs on Unraid) |
| Unraid Docker | Local host via Unix socket |
> **Note:** MikroTik RouterOS containers cannot be managed via Portainer - see [Limitation](#mikrotik-limitation) section.
---
## Phase 6.1: Unraid Server Setup ✅ COMPLETED
**Goal:** Install and configure the Portainer controller.
### Tasks
- [x] Install Portainer CE container via Docker CLI
- [x] Configure container settings:
- Network Type: **Bridge**
- Port Mapping: Container **9000** → Host **9002** (changed due to Authentik conflict)
- Port Mapping: Container **9443** → Host **9444**
- Path Mappings:
- Host `/var/run/docker.sock` → Container `/var/run/docker.sock`
- Host `/mnt/user/appdata/portainer` → Container `/data`
- [x] Add Unraid labels (`net.unraid.docker.managed`, `net.unraid.docker.icon`)
- [x] Add Tailscale labels (`tailscale.expose`, `tailscale.host`, `tailscale.port`)
- [x] Start container
- [x] Initialize Portainer via web UI
### Container Configuration
```bash
docker run -d \
--name=portainer \
--restart=unless-stopped \
-p 9002:9000 \
-p 9444:9443 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /mnt/user/appdata/portainer:/data \
--label 'net.unraid.docker.managed=dockerman' \
--label 'net.unraid.docker.icon=https://raw.githubusercontent.com/lllllllillllllillll/Dashboard-Icons/main/png/portainer.png' \
--label 'net.unraid.docker.webui=http://100.100.208.70:9002' \
--label 'tailscale.expose=true' \
--label 'tailscale.host=100.100.208.70' \
--label 'tailscale.port=9002' \
portainer/portainer-ce:latest
```
### Access URLs
- LAN: `http://192.168.31.2:9002`
- Tailscale: `http://100.100.208.70:9002`
- HTTPS LAN: `https://192.168.31.2:9444`
- HTTPS Tailscale: `https://100.100.208.70:9444`
### Verification
- [x] Portainer container running
- [x] Portainer UI accessible
- [x] Local Unraid environment connected
---
## Phase 6.2 & 6.3: MikroTik Integration ❌ NOT FEASIBLE
### MikroTik Limitation
**MikroTik RouterOS does not use Docker.** It has its own proprietary container runtime that:
- Does NOT have a Docker daemon
- Does NOT expose `/var/run/docker.sock`
- Does NOT support Docker API
- Can ONLY be managed via RouterOS CLI/API
### What Was Attempted
1. Created veth interface (`veth-socat` at 172.17.0.5)
2. Added bridge port to `docker-bridge`
3. Created mount for `/var/run/docker.sock`
4. Deployed `alpine/socat` container
5. Added firewall and NAT rules
### Why It Failed
```
socat[2] E connect(, AF=1 "/var/run/docker.sock", 22): No such file or directory
```
The socket doesn't exist because MikroTik's container system is not Docker-based.
### Cleanup Performed
All MikroTik changes were reverted:
- Removed socat container
- Removed veth-socat interface
- Removed docker_sock mount
- Removed firewall/NAT rules
---
## MikroTik Container Management Alternatives
Since Portainer cannot connect to MikroTik, use these methods instead:
### 1. RouterOS CLI (SSH)
```bash
# From Unraid
ssh -i /root/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1
# List containers
/container/print
# Start/stop containers
/container/start 0
/container/stop 0
# View logs
/log/print where topics~"container"
```
### 2. WinBox/WebFig
Access MikroTik web interface at `http://192.168.31.1` to manage containers via GUI.
### 3. RouterOS REST API
MikroTik RouterOS 7+ has a REST API that can be used for automation:
```
GET https://192.168.31.1/rest/container
```
---
## Current Status Summary
| Component | Status | Access |
|-----------|--------|--------|
| Portainer (Unraid) | ✅ Running | http://100.100.208.70:9002 |
| Unraid Docker | ✅ Connected | Via Portainer |
| MikroTik Containers | ⚠️ Separate | Via RouterOS CLI |
---
## Rollback Plan
If Portainer issues occur:
```bash
docker stop portainer && docker rm portainer
```
---
## Related Documents
- [00-CURRENT-STATE.md](./00-CURRENT-STATE.md) - Infrastructure overview
Reference in New Issue View Git Blame Copy Permalink