AlmaLinuxRHEL Based

How To Install Rancher on AlmaLinux 10

Install Rancher on AlmaLinux 10

Container orchestration has become the backbone of modern infrastructure management. Rancher stands out as one of the most powerful and user-friendly Kubernetes management platforms available today. When combined with AlmaLinux 10’s enterprise-grade stability, this combination creates a robust foundation for managing containerized applications at scale.

This comprehensive guide walks you through the complete installation process of Rancher on AlmaLinux 10. Whether you’re a system administrator looking to streamline cluster management or a DevOps engineer seeking efficient container orchestration, this tutorial provides everything needed for a successful deployment. By following these detailed instructions, you’ll have a fully functional Rancher installation capable of managing multiple Kubernetes clusters through an intuitive web interface.

Table of Contents

What Makes Rancher and AlmaLinux 10 the Perfect Combination

Rancher simplifies Kubernetes cluster management through its centralized dashboard, making complex container orchestration accessible to teams of all skill levels. Its multi-cluster management capabilities, integrated monitoring tools, and comprehensive security features have made it a preferred choice for organizations worldwide.

AlmaLinux 10 brings enterprise-level reliability with its Red Hat Enterprise Linux compatibility, ensuring stability and long-term support for production environments. This operating system provides the solid foundation necessary for running mission-critical containerized workloads.

Prerequisites and System Requirements

Hardware Specifications for Optimal Performance

Before beginning the installation process, ensure your system meets the minimum requirements for running Rancher effectively. The hardware specifications directly impact performance and the number of clusters you can manage simultaneously.

Your AlmaLinux 10 server requires at least 2 vCPUs for basic functionality, though 4 vCPUs are recommended for production environments. Memory requirements start at 2 GB RAM minimum, with 4-8 GB recommended depending on your expected workload. Disk space needs begin at 20 GB for the base system and container storage, but allocating 50-100 GB provides better performance and growth capacity.

Network connectivity remains crucial for container image downloads and cluster communication. A persistent internet connection with adequate bandwidth ensures smooth operation during peak usage periods.

Software Prerequisites and Dependencies

A fresh AlmaLinux 10 installation provides the cleanest starting point for Rancher deployment. Ensure you have root access or sudo privileges, as the installation process requires elevated permissions for system modifications and service management.

SSH access becomes essential for remote server management, especially in production environments where direct console access may be limited. Configure SSH key authentication for enhanced security before proceeding with the installation.

Network and Security Configuration Requirements

Rancher requires specific network ports for proper operation. HTTP traffic uses port 80, while HTTPS connections utilize port 443. Docker’s container communication needs various ephemeral ports, typically in the 30000-32767 range for NodePort services.

Firewall configuration must allow these ports while maintaining security best practices. SELinux settings require adjustment to accommodate container operations without compromising system security.

System Preparation and Environment Setup

Updating AlmaLinux 10 Packages

Begin by updating your AlmaLinux 10 system to ensure all packages are current and security patches are applied. This step prevents compatibility issues and provides the latest bug fixes.

sudo dnf update -y
sudo dnf clean all
sudo dnf makecache

The update process may take several minutes depending on your internet connection and the number of packages requiring updates. Reboot the system after major kernel updates to ensure all changes take effect properly.

Configuring SELinux for Container Operations

SELinux provides additional security layers but requires configuration for container operations. While production environments benefit from maintaining SELinux in enforcing mode, initial installations often work better with permissive mode.

sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

This configuration allows containers to operate while maintaining SELinux policies for the base system. Advanced users can configure specific SELinux policies for container operations instead of using permissive mode.

Firewall Configuration for Rancher Services

Configure the firewall to allow necessary traffic while maintaining security. AlmaLinux 10 uses firewalld as the default firewall management tool.

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=2376/tcp
sudo firewall-cmd --permanent --add-port=2379-2380/tcp
sudo firewall-cmd --reload

These rules enable HTTP, HTTPS, Docker daemon, and etcd communication ports essential for Rancher operation.

Network Configuration and Hostname Setup

Set an appropriate hostname for your Rancher server to ensure proper identification within your network infrastructure. A descriptive hostname helps with management and troubleshooting.

sudo hostnamectl set-hostname rancher.yourdomain.com
echo "127.0.0.1 rancher.yourdomain.com" | sudo tee -a /etc/hosts

Verify DNS resolution works correctly, as Rancher relies on proper name resolution for cluster communication and certificate validation.

Docker Installation and Configuration

Adding the Official Docker Repository

AlmaLinux 10 requires the official Docker CE repository for installation. This ensures you receive the latest stable Docker version with security updates and bug fixes.

sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf makecache

The repository addition process downloads and verifies the repository metadata, preparing your system for Docker package installation.

Installing Docker Components

Install the complete Docker CE package suite, including the daemon, CLI tools, and containerd runtime. These components work together to provide full container functionality.

sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

The installation process automatically resolves dependencies and installs required system libraries. If installation fails due to repository issues, download the packages manually from Docker’s official website.

Docker Service Configuration and Optimization

Start and enable the Docker service to ensure automatic startup after system reboots. Proper service configuration prevents service interruptions and maintains container availability.

sudo systemctl start docker
sudo systemctl enable docker
sudo systemctl status docker

Add your user account to the docker group to avoid requiring sudo for every Docker command. This change requires logging out and back in to take effect.

sudo usermod -aG docker $USER
newgrp docker

Docker System Verification

Verify Docker installation by running the hello-world container. This test confirms proper installation and network connectivity for image downloads.

docker run hello-world

Successful execution indicates Docker is properly installed and configured for container operations.

Advanced Docker Configuration for Rancher

Optimize Docker settings for Rancher workloads by configuring the daemon with appropriate logging and storage drivers. Create the Docker daemon configuration file:

sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2"
}
EOF

Restart Docker to apply the new configuration settings:

sudo systemctl restart docker

Rancher Container Deployment

Downloading the Rancher Server Image

Pull the latest Rancher server image from Docker Hub. The stable release provides the most reliable experience for production deployments.

docker pull rancher/rancher:latest

For production environments, consider using a specific version tag instead of “latest” to maintain consistency across deployments and enable easier rollbacks if needed.

Container Launch with Complete Configuration

Deploy the Rancher container with the full command including all necessary options for production use:

docker run -d --restart=unless-stopped \
  --name rancher-server \
  -p 80:80 -p 443:443 \
  --privileged \
  rancher/rancher:latest

This command creates a detached container that automatically restarts unless manually stopped. The port mappings expose Rancher’s web interface on standard HTTP and HTTPS ports.

Understanding Container Configuration Options

The --privileged flag grants the container access to host system resources necessary for managing other containers and clusters. While this increases security considerations, it’s required for full Rancher functionality.

The --restart=unless-stopped policy ensures the Rancher container automatically restarts after system reboots or unexpected crashes, maintaining service availability.

Advanced Container Deployment Options

For enhanced data persistence and backup capabilities, mount external volumes for Rancher data:

docker run -d --restart=unless-stopped \
  --name rancher-server \
  -p 80:80 -p 443:443 \
  --privileged \
  -v /opt/rancher:/var/lib/rancher \
  rancher/rancher:latest

This configuration stores Rancher data in /opt/rancher on the host system, enabling easier backups and data recovery.

Container Health Verification and Monitoring

Monitor the Rancher container startup process by checking logs and container status:

docker ps
docker logs rancher-server

The startup process typically takes 2-3 minutes as Rancher initializes its internal database and prepares the web interface. Watch the logs for any error messages that might indicate configuration problems.

SSL Certificate Configuration and Security

Default SSL Certificate Behavior

Rancher automatically generates self-signed SSL certificates for immediate functionality. While suitable for testing environments, production deployments should use trusted certificates from recognized certificate authorities.

The self-signed certificate causes browser security warnings that users must accept to access the interface. This behavior is normal and expected during initial setup.

Custom SSL Certificate Integration

For production environments, integrate custom SSL certificates by mounting certificate files into the container:

docker run -d --restart=unless-stopped \
  --name rancher-server \
  -p 80:80 -p 443:443 \
  --privileged \
  -v /opt/rancher/certs/tls.crt:/etc/rancher/ssl/cert.pem \
  -v /opt/rancher/certs/tls.key:/etc/rancher/ssl/key.pem \
  -v /opt/rancher/certs/cacerts.pem:/etc/rancher/ssl/cacerts.pem \
  rancher/rancher:latest

Ensure certificate files have proper permissions and are readable by the container user.

Initial Access and Configuration

Accessing the Rancher Web Interface

Open your web browser and navigate to your server’s IP address or hostname using HTTPS. The initial connection may display security warnings due to self-signed certificates.

https://your-server-ip

Accept the security warning to proceed to the Rancher login page. Modern browsers require explicit acceptance of self-signed certificates.

Install Rancher on AlmaLinux 10

First-Time Setup and Administrator Account

The initial setup wizard guides you through creating the administrator account and configuring basic settings. Choose a strong password meeting complexity requirements for enhanced security.

Set the Rancher Server URL to match your server’s hostname or IP address. This URL is used by managed clusters to communicate with the Rancher server, so ensure it’s accessible from all nodes.

Authentication Provider Configuration

Configure authentication providers based on your organization’s requirements. Local authentication works for small deployments, while larger organizations benefit from LDAP, Active Directory, or OAuth integration.

The authentication setup determines how users access Rancher and what permissions they receive. Plan your authentication strategy before configuring multiple clusters.

Initial Project and Namespace Setup

Rancher creates default projects and namespaces during initial setup. Understanding these organizational structures helps with resource management and access control as your deployment grows.

Projects provide logical groupings for related applications and services, while namespaces offer finer-grained resource isolation within projects.

Post-Installation Optimization and Management

System Monitoring and Health Checks

Implement monitoring for both the Rancher container and the underlying AlmaLinux 10 system. Regular health checks prevent issues before they impact service availability.

Monitor container resource usage with:

docker stats rancher-server

Set up log rotation to prevent log files from consuming excessive disk space:

sudo logrotate -f /etc/logrotate.conf

Backup and Recovery Procedures

Establish regular backup procedures for Rancher data and configuration. The mounted data directory contains all cluster definitions, user settings, and application configurations.

Create automated backups using cron jobs:

#!/bin/bash
BACKUP_DIR="/backups/rancher/$(date +%Y%m%d-%H%M%S)"
mkdir -p $BACKUP_DIR
cp -r /opt/rancher $BACKUP_DIR/
docker exec rancher-server kubectl get all --all-namespaces > $BACKUP_DIR/cluster-state.yaml

Test backup restoration procedures regularly to ensure data recovery works when needed.

Performance Tuning and Optimization

Optimize system performance by adjusting kernel parameters for container workloads:

echo 'net.bridge.bridge-nf-call-iptables=1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

These settings improve network performance for containerized applications and cluster communication.

Troubleshooting Common Issues

Installation and Startup Problems

Docker service failures often result from insufficient system resources or conflicting services. Check system logs for detailed error messages:

sudo journalctl -u docker.service -f

Container image download failures typically indicate network connectivity issues or repository access problems. Verify internet connectivity and DNS resolution:

nslookup docker.io
ping -c 4 8.8.8.8

Access and Authentication Issues

Web interface connectivity problems often stem from firewall configuration or SSL certificate issues. Verify port accessibility:

sudo netstat -tlnp | grep :443
curl -k https://localhost

Authentication provider integration failures require checking provider-specific logs and network connectivity to authentication servers.

Performance and Resource Issues

High memory usage may indicate insufficient system resources or memory leaks. Monitor container resource consumption and adjust limits if necessary:

docker update --memory=4g rancher-server

Container restart loops usually indicate configuration errors or resource constraints. Check container logs for specific error messages and system resource availability.

SELinux and Security Context Problems

SELinux denials appear in audit logs and can prevent proper container operation. Check for denials:

sudo ausearch -m avc -ts recent

Generate custom SELinux policies for persistent issues, or adjust file contexts for mounted volumes:

sudo chcon -Rt container_file_t /opt/rancher

Security Best Practices and Hardening

Container Security Implementation

Run containers with minimal privileges when possible, though Rancher requires privileged access for full functionality. Regularly scan container images for vulnerabilities:

docker scan rancher/rancher:latest

Keep container images updated with the latest security patches by regularly pulling new versions and redeploying containers.

Network Security and Access Control

Implement network segmentation using firewall rules and VLANs to isolate cluster traffic from general network traffic. Configure VPN access for remote administration to encrypt management communications.

Use strong firewall rules that allow only necessary traffic:

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' port protocol='tcp' port='443' accept"
sudo firewall-cmd --reload

Authentication and Authorization Controls

Implement multi-factor authentication for administrator accounts and enforce strong password policies. Configure role-based access control (RBAC) to limit user permissions based on job responsibilities.

Regular audit user access and remove unused accounts to maintain security hygiene.

Monitoring and Audit Logging

Enable comprehensive logging for security monitoring and compliance requirements. Configure log forwarding to centralized logging systems for better visibility:

docker run -d --restart=unless-stopped \
  --name rancher-server \
  -p 80:80 -p 443:443 \
  --privileged \
  -e AUDIT_LEVEL=2 \
  rancher/rancher:latest

Set up automated alerts for security events and unusual access patterns.

Advanced Configuration and Next Steps

High Availability and Scaling

Migrate from single-node deployments to high-availability configurations as your infrastructure grows. HA setups require load balancers and shared storage for optimal reliability.

Plan for multi-region deployments if geographic distribution becomes necessary for performance or compliance requirements.

CI/CD Pipeline Integration

Integrate Rancher with continuous integration and deployment pipelines for automated application deployment. GitOps workflows provide declarative infrastructure management and improved change tracking.

Configure container registries for storing private application images and implementing image scanning policies.

Advanced Rancher Features

Explore Rancher’s advanced features like Fleet for GitOps management, integrated monitoring with Prometheus and Grafana, and policy enforcement with OPA Gatekeeper.

These features provide enterprise-grade capabilities for managing large-scale container deployments across multiple clusters and environments.

Congratulations! You have successfully installed Rancher. Thanks for using this tutorial for installing Rancher on your AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official Rancher website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button