diff --git a/_data/toc.yaml b/_data/toc.yaml index 543b497253..50f75148d7 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1486,6 +1486,8 @@ manuals: title: Deploy Datacenter on AWS - path: /datacenter/install/linux/ title: Deploy Datacenter on Linux + - path: /datacenter/install/azure/ + title: Deploy Datacenter on Azure - sectiontitle: Universal Control Plane section: - path: /datacenter/ucp/2.1/guides/ diff --git a/datacenter/images/ddc-azure-architecture.png b/datacenter/images/ddc-azure-architecture.png new file mode 100644 index 0000000000..9963335a30 Binary files /dev/null and b/datacenter/images/ddc-azure-architecture.png differ diff --git a/datacenter/images/ddc-azure-basics-blade.png b/datacenter/images/ddc-azure-basics-blade.png new file mode 100644 index 0000000000..a4e90d39b6 Binary files /dev/null and b/datacenter/images/ddc-azure-basics-blade.png differ diff --git a/datacenter/images/ddc-azure-choose-vm-blade.png b/datacenter/images/ddc-azure-choose-vm-blade.png new file mode 100644 index 0000000000..77e6ab46d6 Binary files /dev/null and b/datacenter/images/ddc-azure-choose-vm-blade.png differ diff --git a/datacenter/images/ddc-azure-load-balancers-ip-addys.png b/datacenter/images/ddc-azure-load-balancers-ip-addys.png new file mode 100644 index 0000000000..62df93aa94 Binary files /dev/null and b/datacenter/images/ddc-azure-load-balancers-ip-addys.png differ diff --git a/datacenter/images/ddc-azure-marketplace-search.png b/datacenter/images/ddc-azure-marketplace-search.png new file mode 100644 index 0000000000..56120b5272 Binary files /dev/null and b/datacenter/images/ddc-azure-marketplace-search.png differ diff --git a/datacenter/images/ddc-azure-outputs.png b/datacenter/images/ddc-azure-outputs.png new file mode 100644 index 0000000000..4dc8bbda72 Binary files /dev/null and b/datacenter/images/ddc-azure-outputs.png differ 
diff --git a/datacenter/images/ddc-azure-resource-group-blade.png b/datacenter/images/ddc-azure-resource-group-blade.png new file mode 100644 index 0000000000..467978e955 Binary files /dev/null and b/datacenter/images/ddc-azure-resource-group-blade.png differ diff --git a/datacenter/images/ddc-azure-settings-blade.png b/datacenter/images/ddc-azure-settings-blade.png new file mode 100644 index 0000000000..37ccb685e4 Binary files /dev/null and b/datacenter/images/ddc-azure-settings-blade.png differ diff --git a/datacenter/install/azure.md b/datacenter/install/azure.md new file mode 100755 index 0000000000..7b474e7808 --- /dev/null +++ b/datacenter/install/azure.md 
@@ -0,0 +1,254 @@ +--- +title: Deploy Docker Enterprise Edition on Azure (Standard/Advanced) +description: Learn how to deploy Docker EE for Azure (Standard/Advanced) quickly, by using the Azure portal. +keywords: docker, enterprise edition, azure, docker ee, docker datacenter, install, orchestration, manage, container, deploy, provision, azure resource manager, arm template +--- + +Deploy Docker Enterprise Edition for Azure (Standard/Advanced) quickly +to the Azure cloud by using the [Azure portal](https://portal.azure.com). +The deployment workflow creates multiple nodes with Docker EE, and it installs +highly available versions of +[Universal Control Plane (UCP)](https://docs.docker.com/datacenter/ucp/2.1/guides/) +and [Docker Trusted Registry (DTR)](https://docs.docker.com/datacenter/dtr/2.2/guides/). +For more info, see +[Docker Enterprise Edition](https://www.docker.com/enterprise-edition). + +> **Note**: You may see references to the earlier brand name, "Docker Datacenter" +> and "DDC".These names are equivalent with Docker Enterprise Edition for Azure. + +## Prerequisites for deploying Docker EE for Azure + +- A [Docker Enterprise Edition](https://store.docker.com/editions/enterprise/docker-ee-trial?tab=description) + license. You can get a 30-day free trial subscription from the + [Docker Store](https://store.docker.com/editions/enterprise/docker-ee-trial?plan=free-trial&plan=free-trial&tab=description). + For questions on licenses, contact + [sales@docker.com](mailto:sales@docker.com). +- An Azure account with sufficient privileges for creating resource groups, + like the [Visual Studio Ultimate with + MSDN](https://msdn.microsoft.com/en-us/subscriptions/aa336858.aspx) + subscription. +- Service Principal access credentials, which you can generate by following + the steps in [Docker for Azure Setup and + Prerequisites](https://docs.docker.com/docker-for-azure/#configuration). 
+- An SSH public/private key pair, which you can generate by following the + steps in + [How to create and use an SSH public and private key pair for Linux VMs in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys)]. + Save the public and private keys in a convenient location, + like in the same directory as the Docker license, and be sure to remember + the password for the key pair. + +## Provision the Docker EE cluster on Azure + +1. In a web browser, go to the [Azure portal](https://portal.azure.com). +2. Click **+New**. + The Marketplace blade opens. +3. In the search box, type "Docker EE", and press Enter. +4. In the search results, click **Docker EE for Azure (Standard/Advanced)**. + The product description blade opens. +5. At the bottom of the blade, click **Create**. The Create Docker EE for + Azure blade opens. +6. In the Basics pane, fill in the required fields. + - Copy the **Service Principal** values from the shell that you used + to run `create-sp-azure`. + - Copy the **SSH public key** value from the key file that you saved + when you ran `ssh-keygen` or similar tool. + - For this example, the **Swarm Name** is "ddcevalswarm" and the + **Resource group** name is "ddcevalrg", but you're free to choose + your own values. + + When you're done, the form will be similar to this: + + ![The Basic blade of a Docker EE for Azure deployment](../images/ddc-azure-basics-blade.png) + +7. Click **OK**. The Docker EE Settings blade opens. + +8. In the Settings blade, fill in the required fields. When you're done, the + form will be similar to this: + + ![The Settings blade of a Docker EE for Azure deployment](../images/ddc-azure-settings-blade.png) + + The **DDC Username** and **DDC Password** fields are for logging in to the + UCP and DTR user interfaces. They're not used for SSH access. + + Be sure to select the size of the virtual machines for the manager nodes + and worker nodes. 
For example, click **Worker VM Size** to open the Choose + a Size blade, and click **View all** to browse all of the compute offerings. + Azure has a wide range of computing power options, and the pricing + calculator estimates the monthly cost for each option. + + ![The Choose a VM Size blade of a Docker EE for Azure deployment](../images/ddc-azure-choose-vm-blade.png) + + > **Note**: It's possible to select more compute than your Azure subscription + > permits. If you exceed your limit, the Summary blade in the next step will + > notify you, and you can return to the Settings blade to select different VM + > sizes, or you can add more capacity to your subscription. For more info, see + > [Resource Manager core quota increase requests](https://docs.microsoft.com/en-us/azure/azure-supportability/resource-manager-core-quotas-request). + +9. Click **OK**. The Summary blade opens, and Azure validates the settings + that you've entered. If some of your settings don't pass validation, you + can go back to earlier steps and fix them. + + > **Tip**: At the bottom of the blade, click **Download template and parameters** + > to save the generated Azure Resource Manager (ARM) template to your + > local machine. For more info, see + > [Create your first Azure Resource Manager template](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-create-first-template). + +10. Click **OK**. The Purchase blade opens and displays the terms of use. If + you agree, click **Purchase**. The Azure Dashboard opens, and a tile shows + **Deploying Docker EE for Azure**. When your resources are deployed, after + a few minutes, a blade opens for the deployed resource group. + + ![The resource group blade of a Docker EE for Azure deployment](../images/ddc-azure-resource-group-blade.png) + +## What's in the new resource group? + +Everything you need to run Docker EE is deployed, and the resource group +collects it all in one place. 
The ARM template defines the architecture +as shown in the following diagram. + +![Architecture diagram of a Docker EE for Azure deployment](../images/ddc-azure-architecture.png) + +Here are some of the resources that are included in the resource group. + +- **Public IP addresses:** You connect to UCP and DTR by pointing your + browser at the corresponding load balancers. Also, you can SSH to + manager nodes. + + ![IP addresses of a Docker EE for Azure deployment](../images/ddc-azure-load-balancers-ip-addys.png) + +- **Node scale sets:** Virtual machine scale sets for the manager and worker + nodes. For more info, see [What are virtual machine scale sets in Azure?](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview) +- **Virtual network:** Click the virtual network resource, which has a name + similar to `ddcevalswarm-vnet`, to examine its architecture. In the left pane, + click **Diagram** to see the network diagram. +- **Storage:** The Docker EE deployment sets up Azure storage for your images. + The storage account has a name similar to `f4ybe46tzepm4dtr`. + The DTR user interface enables viewing details, on the Settings > Storage + page. + +## View the UCP and DTR interfaces + +Manage Docker EE by connecting your web browser to the UCP and the DTR +load balancers. + +1. In the left pane of the resource group blade, click **Deployments**. + The Deployments blade opens, showing your Docker EE for Azure deployment. + Click the deployment with a name similar to + `docker.dockerdatacenterdocker-datacenter-20170413151533` + to open the Deployment Details blade. + + ![Output URLs of an Docker EE for Azure deployment](../images/ddc-azure-outputs.png) + +2. In the **Output** section, copy the URL in `UCPLOGINURL` and + paste it into a web browser. The UCP login page opens. To login, use the + DDC username and password you entered in the Settings blade. + +3. 
Copy the URL in `DTRLOGINURL` and paste it into a new tab in the + web browser. The DTR interface page opens. + +## Connect to a manager node with SSH + +In addition to managing Docker EE with the user interface, you can +connect to a manager node by using SSH. You need the private key that +corresponds with the public key that you provided when you created the Docker EE +deployment. When you `ssh` to a manager node, login with the username `docker`, +not the username you entered in the Settings blade, which is for UI. + +```bash +$ ssh docker@ucplb-feykn7mj53x5q.westus.cloudapp.azure.com -p 50000 -i private-key.rsa +Enter passphrase for key 'private-key.rsa': +Welcome to Docker! +swarm-manager000000:~$ +``` + +> **Note**: In Azure, the first Docker EE manager node maps the default +> SSH port 22 to port 50000. Subsequent manager nodes map to port 50001, 50002, +> and so on. + + +In the manager node, you can run `docker` commands, like pulling an image and +starting a containerized application. + +## Set up the DTR certificate authority + +To pull and push images to Docker Trusted Registry from a local +machine, you need to establish trust between the local Docker daemon and DTR on +Azure. Establish a trust relationship by registering the DTR certificate on +the local machine. Follow the steps in +[Configure your Docker Engine](https://docs.docker.com/datacenter/dtr/2.2/guides/user/access-dtr/). + +Get the certificate from `https:///ca`, which is +available through the URL of the DTR load balancer. The certificate's URL +looks like `https://dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/ca`. + +> **Note**: Be sure to restart the Docker daemon on the local machine after +> you've installed the certificate, or you'll get X.509 errors when you +> try `docker login`. + +## Create an image repository in DTR for Azure + +When the certificate authority on your local machine is set up, you can push an +image into the registry on Azure. 
Images live in a repository, so you need to +create a repository in DTR to register images. + +1. In a web browser, navigate to the DTR Repositories page, which has a URL + similar to `https://dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/repositories`. +2. Click **New repository** and enter a repository name. +3. Click **Scan on push** to enable security scanning on pushed images. +4. Click **Save** to create the repository. + +## Push an image to DTR for Azure + +The DTR repository is ready to receive images, and you can push images to it, +in the same way that you push images to [Docker Store](https://store.docker.com/). + +1. On the local machine, login to the DTR repository by using a + `docker login` command similar to this: + + ```bash + $ docker login dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com + ``` + + When you're prompted for the username and password, you can use the values + that you entered in the Settings blade, or you can create new users in the + DTR user interface, and sign in with those credentials. +2. Pull an image, like `golang:1.7`. + + ```bash + $ docker pull golang:1.7 + ``` + +3. Tag the image for the remote repository. The command is similar to this: + + ```bash + $ docker tag golang:1.7 dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/ddcadmin/azuretest:golang1.7 + ``` + +4. Push the tag to the remote repository. + + ``` + $ docker push dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/ddcadmin/azuretest:golang1.7 + ``` + +5. In the DTR user interface, navigate to the Repositories page and click on your + repository. The Details page opens. +6. Click **Images**. Your image appears in the list, and if you selected + **Scan on push** when you created the repository, the scan is in progress. 
+ +## Docker EE component versions + +Docker Enterprise Edition for Azure is based on the following stack: + +- Linux kernel 4.9.11-moby +- Docker UCP 2.1.1 +- Docker Trusted Registry 2.2.3 +- Docker Engine 17.03.0-ee-1 + +## Next steps + +For more info on deploying Docker Enterprise Edition for Azure, see: + +- [Docker Enterprise Edition Trial at Docker Store](https://store.docker.com/editions/enterprise/docker-ee-trial?tab=description) +- [Docker EE for Azure (Standard/Advanced) in Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/docker.dockerdatacenter) +- [Deploying Docker EE on Azure and solving common issues](https://blogs.msdn.microsoft.com/azure4fun/2017/04/15/deploying-docker-ee-on-azure-solving-common-issues/) +- [Video: Hands-On - Provisioning Docker Enterprise Edition on Azure](https://www.youtube.com/watch?v=e1H0hNe0PnQ)
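Review bot: In "Set up the DTR certificate authority" in `datacenter/install/azure.md`, the certificate location reads `https:///ca` with no host, so the reader has to infer it from the example URL that follows. Write it with an explicit placeholder for the DTR load balancer hostname, escaped so it survives rendering. The same section has the reader download the CA certificate from the very endpoint whose certificate is not yet trusted, so it would help to say how to confirm the downloaded file is the expected one before installing it. In the Prerequisites list, "Save the public and private keys in a convenient location, like in the same directory as the Docker license" treats the private key like any other file; suggest telling readers to keep the private key readable only by its owner, and to say "passphrase" rather than "password" to match the `Enter passphrase for key` prompt shown in the SSH example. Smaller points in the same hunk: a stray `]` after the SSH key-pair link, a missing space in `"DDC".These`, "an Docker EE" in the outputs image alt text, and the `docker push` fence in step 4 is the only one without the `bash` tag.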
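Review bot: `datacenter/install/azure.md` is added with `new file mode 100755`, while the image files in the same change are `100644`. A Markdown page has no reason to carry the executable bit, so please commit it as `100644`.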