docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rough pass on tutorial so joao can see 

Signed-off-by: LRubin <lrubin@docker.com>
This commit is contained in:
LRubin 2016-10-05 15:31:58 -07:00 committed by Joao Fernandes
parent b838999ee0
commit a2bddfece9
2 changed files with 241 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
install-sandbox.md
View File

@ -87,7 +87,7 @@ Set up the nodes for your evaluation:
``` ```
$ docker-machine create -d virtualbox \ $ docker-machine create -d virtualbox \
--virtualbox-memory "2000" \ --virtualbox-memory "2000" \
--virtualbox-disk-size "5000" node1 \ --virtualbox-disk-size "5000" node1
``` ```
When you create your virtual host you specify the memory and disk size When you create your virtual host you specify the memory and disk size
@ -196,7 +196,7 @@ host for the controller works fine.
supplied to replace it with the actual IP address. supplied to replace it with the actual IP address.
The first time you run the `ucp` tool, the `docker run` command pulls the The first time you run the `ucp` tool, the `docker run` command pulls the
UCP bootstrapper image from Docker Hub. The tool downloads the packages it UCP bootstrapper image from Docker Cloud. The tool downloads the packages it
needs, and verifies that your system will support a UCP installation. needs, and verifies that your system will support a UCP installation.
4. Enter a password for UCP when prompted, and then confirm it. 4. Enter a password for UCP when prompted, and then confirm it.
@ -214,8 +214,8 @@ host for the controller works fine.
individual "leaf certificates." individual "leaf certificates."
When it completes, the `ucp` tool prompts you to log in into the UCP web When it completes, the `ucp` tool prompts you to log in into the UCP web
interface when it completes, and gives you its location. You'll do this so interface and gives you its location. You'll do this in the next stepo so
you can install a license in the next step. you can install a license.
## Step 3. License your installation ## Step 3. License your installation
@ -395,23 +395,6 @@ Now that you have your DTR instance up and running, we'll link it to your UCP in
* [Install UCP for production](installation/install-production.md). * [Install UCP for production](installation/install-production.md).
<!--
## Step N + ?: Allow Docker to touch insecure registries?
Now, we're going to make sure that our UCP instance running on node1 can pull images from this self-signed registry on node2. We do this by specifying that there is one insecure registry that we'll allow the Docker instance on `node1` (the UCP node) to connect to. And we'll specify this by editing the configuration file where docker-machine stores `node1`'s configuration details.
1. Edit the file found at `~/.docker/machine/machines/node1/config.json` using your preferred text editor.
For example `$ vi ~/.docker/machine/machines/node1/config.json`
2. Locate `InsecureRegistry` key in `EngineOptions` section, and add your DTR instance's IP between the brackets, enclosed in quotes.
For example, `"InsecureRegistry": ["192.168.99.100"],`
3. Save your changes to the file and exit.
4. Run the command `docker-machine provision node1` to update `node1`'s configuration with the new `InsecureRegistry` setting.
This allows you to push docker images to, and pull docker images from, the registry on `node2`.
-->
<!-- Wat. <!-- Wat.
Take a minute and explore UCP. At this point, you have a single controller Take a minute and explore UCP. At this point, you have a single controller

406
tutorial-sandbox.md
View File

@ -1,6 +1,6 @@
<!--[metadata]> <!--[metadata]>
+++ +++
title = "Evaluate DDC in a sandbox " title = "Evaluate DDC in a sandbox"
description = "Evaluation installation" description = "Evaluation installation"
keywords = ["tbd, tbd"] keywords = ["tbd, tbd"]
[menu.main] [menu.main]
@ -13,24 +13,227 @@ weight=10
# Evaluate DDC in a sandbox deployment # Evaluate DDC in a sandbox deployment
This tutorial assumes that you have [installed and configured](install-sandbox.md) a two-node DDC installation of UCP and DTR using the instructions [here](install-sandbox.md). If you haven't done this, we can't promise that this tutorial workflow will work exactly the same. This tutorial assumes that you have [installed and configured](install-sandbox.md) a two-node Docker Datacenter installation including both UCP and DTR using the instructions [here](install-sandbox.md). If you haven't done this, we can't promise that this tutorial workflow will work exactly the same.
In the second half of this tutorial, we'll walk you through a typical deployment workflow using your sandbox installation of DDC as if it was a production instance installed on your organization's network.
In the second half of this tutorial, we'll walk you through a normal deployment workflow using your sandbox installation of DDC as if it was a production instance installed on your organization's network.
Over the course of this tutorial, we will: Over the course of this tutorial, we will:
- Set up your shell so you can interact with Docker obejects in UCP using the command line . - Create a repository in DTR
- pull a Docker image, edit it and tag it, - Set up certificates or set insecure flag
- Create a repository in DTR, and push your edited image to that repo. - Pull a Docker image, tag it and push it to your DTR repo.
- - Edit the Docker image you just pulled, tag it and push it to your DTR repo.
- Set up your shell so you can interact with Docker objects in UCP using the command line
- Use UCP to deploy your edited image to a node
## Set --insecure registry or set up DTR trust and login
Next, we'll set up a security exception that allows a specific Docker-machine to push images to DTR even though the DTR instance has a self-signed certificate. For a production deployment, you would [set up certificate trust](https://docs.docker.com/ucp/configuration/dtr-integration/) between UCP and DTR, and [between DTR and your Docker Engine](https://docs.docker.com/docker-trusted-registry/repos-and-images/), but for our sandbox deployment we can skip this.
> **Warning**: These steps produce an insecure DTR connection. Do not use these configuration steps for a production deployment.
To allow your shell to connect to DTR despite it having a self-signed certificate, we'll specify that there is one insecure registry that we'll allow the Docker instance on `node1` (the UCP node) to connect to. We'll add this exception by editing the configuration file where docker-machine stores `node1`'s configuration details.
1. Edit the file found at `~/.docker/machine/machines/node1/config.json` using your preferred text editor.
For example `$ vi ~/.docker/machine/machines/node1/config.json`
2. Locate `InsecureRegistry` key in `EngineOptions` section, and add your DTR instance's IP between the brackets, enclosed in quotes.
For example, `"InsecureRegistry": ["192.168.99.100"],`
3. Save your changes to the file and exit.
4. Run the command `docker-machine provision node1` to update `node1`'s configuration with the new `InsecureRegistry` setting.
This allows you to push docker images to, and pull docker images from, the registry running on `node2`.
## Step 10. Download a client bundle ## Step 1: Create an image repository in DTR
In this step, you download the *client bundle*, which contains the certificates In this step, we'll create an image repository in DTR that you will be able to push Docker images to. Remember a Docker image is a combination of code and filesystem used as a template to create a container.
so your shell can connect to UCP, and a script to configure a shell environment
with them. 1. In your web browser, go to the DTR web UI.
If you need help finding the URL for this host, you can use `docker-machine ls` to find the IP for `node2` where you installed it.
2. Log in to DTR using your administrator credentials.
3. Navigate to the Repositories screen and click New Repository.
4. In the repository name field, enter `my-nginx`.
5. Click **Save**.
## Step 2: Pull an image, tag and push to DTR
1. In your terminal, make sure `node1` is active using `docker-machine ls`.
This is the node that you configured the security exception for, and if you are connecting to a Docker Engine without this exception you won't be able to push to your DTR instance.
If necessary, use `docker-machine env` to make `node1` active.
```none
$ eval "$(docker-machine env node1)"
```
2. Pull the latest Nginx image by running `docker pull ngnix:latest`
Because you aren't specifying a registry as part of the `pull` command, Docker Engine locates and downloads the latest `ngnix` image from Docker Cloud's registry.
2. Log in to your DTR instance on `node2` using the `docker login` command.
```none
docker login $DTR_IP
```
Enter your administrator username and password when prompted.
3. Tag the `nginx` image you downloaded.
Use the IP of your DTR instance to specify the repository path, and the .
`docker tag nginx:latest [$DTR]/admin/my-nginx:official`
4. Push the tagged image to your DTR instance.
`docker push my-nginx:official $DTR_IP/admin/my-nginx:official`
You now have a copy of the official Nginx Docker image available on your sandbox DTR instance.
## Step 3. Deploy a container from the UCP web interface
UCP allows you to deploy and manage "Dockerized" applications in production. An
application is built using Docker objects, such as images and containers, and
Docker resources, such as volumes and networks.
UCP deploys and manages these objects and resources using remote API calls to
the Engine daemons running on the nodes. For example, the `run` action may
deploy an image in a Docker container. That image might define a service such as
an Nginx web server or a database like Postgres.
A UCP administrator initiates Engine actions using the UCP dashboard or the
Docker Engine CLI. In this step, you deploy a container from the UCP dashboard.
The container runs an Nginx server, so you'll need to launch the `nginx` image
inside of it.
1. Log in to the UCP **Dashboard**.
2. Click **Containers**.
The system displays the **Containers** page.
> **Tip**: UCP runs some containers that support its own operations called
"system" containers. These containers are hidden by default.
3. Click **+ Deploy Container**.
UCP provides a dialog for you to enter configuration options for the container. For this example, we'll deploy a simple `nginx` container using specific values for each field. If you already know what you're doing, feel free to explore once you've completed this example.
4. Enter `nginx` for the image name.
An image is a specific build of software you want to run. The software might
be a stand-alone application, or component software necessary to support a
complex service.
5. Enter `nginx_server` for the container name.
This name just identifies the container on your network.
6. Click **Network** to expand the networking settings.
A Docker container is isolated from other processes on your network and has its own internal network configuration. To access the service inside a container, you need to expose the container's port, which maps to a port on the node. The node is hosting an instance of Docker Engine, so its port is called the **Host Port**.
7. Enter `443` in the **Port** field and enter `4443` the **Host Port** field.
We're mapping port 443 in the container to a different port on the host because your UCP instance is already serving the web interface on port 443.
8. Click the plus sign to add another **Port**.
9. For this port, enter `80` in the **Port** field, and enter `8080` in the **Host Port** field.
When you are done, your dialog should look like this:
![Port configuration](images/port_config.png)
10. Click **Run Container** to deploy the container.
![Deployed](images/display_container.png)
## Step 9. View a running service
At this point, you have deployed a container and you should see the container
status is `running`. Recall that you deployed an Nginx web server. That server
comes with a default page that you can view to validate that the server is
running. In this step, you open the running server.
1. Navigate back to the **Containers** page.
2. Click the nginx container.
![Edit](images/container_edit.png)
The system displays the container's details and some operations you can run on the container.
3. Scroll down to the ports section.
You'll see an IP address with port `8080` for the server.
4. Copy the IP address to your browser and paste the information you copied.
You should see the welcome message for nginx.
![Port 80](images/welcome_nginx.png)
## Step 4: Edit your image, tag, and push
In this step, we'll edit the Nginx image so that it shows a customized webpage when you run it in a container. Then we'll tag the edited image, and push it to DTR so you can deploy it using UCP.
2. Change to your user `$HOME` directory.
```none
$ cd $HOME
```
2. Make a `site` directory and open it.
```none
$ mkdir site
$ cd site
```
4. Create an `index.html` file.
```none
$ echo "my new site" > index.html
```
5. Copy the `site` directory to the `node1` VM's file system.
This allows you to copy files from the file system into a container.
`docker-machine scp $HOME/site/ node1:~/site`
5. Start a new `nginx` container and replace the `html` folder with your `site` directory.
```none
$ docker run -d -P -v $HOME/site:/usr/share/nginx/html --name mysite nginx
```
This command runs an `nginx` image in a container called `mysite`. The `-P` tells the Engine to expose all the ports on the container.
6. Stop the container, and see that it's still around and called `mysite`
2. docker tag
`docker tag nginx:mysite [$DTR]/admin/my-nginx:mysite`
7. docker push (edited) `[$DTR]/admin/my-nginx:mysite`
## Step 1. Download a client bundle
In this step, you download the *client bundle*, which contains your user
certificates, and a script to configure a shell environment with them so you can
connect to UCP.
Both nodes in your UCP cluster are running an instance of Engine. A UCP operator Both nodes in your UCP cluster are running an instance of Engine. A UCP operator
can use the command line Engine client instead of the UCP web interface to can use the command line Engine client instead of the UCP web interface to
@ -38,9 +241,10 @@ interact with the Docker objects and resources UCP manages.
However, to issue commands to a UCP node, your local shell environment must be However, to issue commands to a UCP node, your local shell environment must be
configured with the same security certificates as the UCP application itself. configured with the same security certificates as the UCP application itself.
Think of this as logging in to UCP with your shell. Think of this as logging in to UCP with your user credentials, but from your
shell.
Download the bundle and configure your environment. First, we'll download the bundle and configure your environment.
1. If you haven't already done so, log into UCP. 1. If you haven't already done so, log into UCP.
@ -48,27 +252,19 @@ Download the bundle and configure your environment.
3. Scroll down and click **Create Client Bundle**. 3. Scroll down and click **Create Client Bundle**.
The browser downloads the `ucp-bundle-$USERNAME.zip` file. The browser downloads a `ucp-bundle-$USERNAME.zip` file.
4. Open a new shell on your local machine. 4. Open a new shell on your local machine.
5. Make sure your shell is does not have an active Docker Machine host. 5. Make sure this new shell is not connected to a Docker Machine host by running `docker-machine ls`. No Docker host is connective if none of the hosts in the list show an * (asterisk) in the `ACTIVE` column.
```none
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Stopped Unknown
node1 - virtualbox Running tcp://192.168.99.100:2376 v1.12.1
node2 - virtualbox Running tcp://192.168.99.101:2376 v1.12.1
```
While Machine has a stopped and running host, neither is active in the shell. You know this because neither host shows an * (asterisk) indicating the shell is configured.
<!-- Not needed here - needed elsewhere?
4. Create a directory to hold the deploy information. 4. Create a directory to hold the deploy information.
``` ```
$ mkdir deploy-app $ mkdir deploy-app
``` ```
-->
4. Navigate to where the bundle was downloaded, and unzip the client bundle 4. Navigate to where the bundle was downloaded, and unzip the client bundle
@ -82,9 +278,12 @@ Download the bundle and configure your environment.
extracting: env.sh extracting: env.sh
``` ```
5. Change into the directory that was created when the bundle was unzipped 5. From your shell, change into the directory created when the bundle was
unzipped.
6. Execute the `env.sh` script to set the appropriate environment variables for your UCP deployment. 6. Execute the `env.sh` script.
This sets the appropriate environment variables for your UCP deployment.
``` ```
$ source env.sh $ source env.sh
@ -94,60 +293,10 @@ Download the bundle and configure your environment.
7. Run `docker info` to examine the UCP deployment. 7. Run `docker info` to examine the UCP deployment.
Your output should show that you are managing UCP vs. a single node. Your output should reflect a connection to UCP, instead of just a single local Docker instance. If you completed the previous installation tutorial, you should see `Nodes: 2` in the output.
```none ```none
$ docker info $ docker info
Containers: 12
Running: 0
Paused: 0
Stopped: 0
Images: 17
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
node1: 192.168.99.106:12376
└ Status: Healthy
└ Containers: 9
└ Reserved CPUs: 0 / 1
└ Reserved Memory: 0 B / 3.01 GiB
└ Labels: executiondriver=native-0.2, kernelversion=4.1.17-boot2docker, operatingsystem=Boot2Docker 1.10.0 (TCL 6.4.1); master : b09ed60 - Thu Feb 4 20:16:08 UTC 2016, provider=virtualbox, storagedriver=aufs
└ Error: (none)
└ UpdatedAt: 2016-02-09T12:03:16Z
node2: 192.168.99.107:12376
└ Status: Healthy
└ Containers: 3
└ Reserved CPUs: 0 / 1
└ Reserved Memory: 0 B / 4.956 GiB
└ Labels: executiondriver=native-0.2, kernelversion=4.1.17-boot2docker, operatingsystem=Boot2Docker 1.10.0 (TCL 6.4.1); master : b09ed60 - Thu Feb 4 20:16:08 UTC 2016, provider=virtualbox, storagedriver=aufs
└ Error: (none)
└ UpdatedAt: 2016-02-09T12:03:11Z
Cluster Managers: 1
192.168.99.106: Healthy
└ Orca Controller: https://192.168.99.106:443
└ Swarm Manager: tcp://192.168.99.106:3376
└ KV: etcd://192.168.99.106:12379
Plugins:
Volume:
Network:
CPUs: 2
Total Memory: 7.966 GiB
Name: ucp-controller-node1
ID: P5QI:ZFCX:ELZ6:RX2F:ADCT:SJ7X:LAMQ:AA4L:ZWGR:IA5V:CXDE:FTT2
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
Labels:
com.docker.ucp.license_key=p3vPAznHhbitGG_KM36NvCWDiDDEU7aP_Y9z4i7V4DNb
com.docker.ucp.license_max_engines=1
com.docker.ucp.license_expires=2016-11-11 00:53:53 +0000 UTC
```
```
$ docker info
Containers: 18 Containers: 18
Images: 28 Images: 28
Server Version: swarm/1.2.5 Server Version: swarm/1.2.5
@ -188,107 +337,26 @@ Download the bundle and configure your environment.
com.docker.ucp.license_key=cbikfA44-5gAJ3iOgPp_6AMl_V_uRxFiITvyVvESdFWx com.docker.ucp.license_key=cbikfA44-5gAJ3iOgPp_6AMl_V_uRxFiITvyVvESdFWx
com.docker.ucp.license_max_engines=10 com.docker.ucp.license_max_engines=10
com.docker.ucp.license_expires=2016-10-29 00:01:45 +0000 UTC com.docker.ucp.license_expires=2016-10-29 00:01:45 +0000 UTC
``` ```
<!-- ## Create repo
log in to dtr.
create a repo called hi-there
docker pull hello-world
docker tag hello-world:latest as [$DTR]/admin/hi-there
docker push ohai [$DTR]/admin/hi-there
Next, make sure node1 is active
Docker login
`docker tag alpine:latest <path to dtr>/admin/foobar`
then
`docker push <path to dtr>/admin/foobar`
-->
## Step 8. Deploy a container
UCP allows you to deploy and manage "Dockerized" applications in production. An ## Docker pull to put images on ucp
application is built using Docker objects, such as images and containers, and
Docker resources, such as volumes and networks.
UCP deploys and manages these objects and resources using remote API calls to 1. docker pull nginx - from docker hub/cloud
the Engine daemons running on the nodes. For example, the `run` action may ```
deploy an image in a Docker container. That image might define a service such as $ docker pull nginx
an Nginx web server or a database like Postgres. Using default tag: latest
node1: Pulling nginx:latest... : downloaded
node2: Pulling nginx:latest... : downloaded
```
see that it shows up on both nodes
A UCP administrator initiates Engine actions using the UCP dashboard or the
Docker Engine CLI. In this step, you deploy a container from the UCP dashboard.
The container runs an Nginx server, so you'll need to launch the `nginx` image
inside of it.
1. Log in to the UCP **Dashboard**.
2. Click **Containers**.
The system displays the **Containers** page.
> **Tip**: UCP runs some containers that support its own operations called
"system" containers. These containers are hidden by default.
3. Click **+ Deploy Container**.
UCP provides a dialog for you to enter configuration options for the container. For this example, we'll deploy a simple `nginx` container using specific values for each field. If you already know what you're doing, feel free to explore once you've completed this example.
4. Enter `nginx` for the image name.
An image is a specific build of software you want to run. The software might
be a stand-alone application, or component software necessary to support a
complex service.
5. Enter `nginx_server` for the container name.
This name just identifies the container on your network.
6. Click **Publish Ports** from the **Overview** menu.
A Docker container is isolated from other processes on your network and has its own internal network configuration. To access the service inside a container, you need to expose the container's port, which maps to a port on the node. The node is hosting an instance of Docker Engine, so its port is called the **Host Port**.
7. Enter `443` in both the **Port** field and the **Host Port** field.
8. Click the plus sign to add another **Port**.
9. For this port, enter `80` in both the **Port** and **Host Port** fields.
When you are done, your dialog should look like this:
![Port configuration](images/port_config.png)
10. Click **Run Container** to deploy the container.
![Deployed](images/display_container.png)
## Step 9. View a running service
At this point, you have deployed a container and you should see the container
status is `running`. Recall that you deployed an Nginx web server. That server
comes with a default page that you can view to validate that the server is
running. In this step, you open the running server.
1. Navigate back to the **Containers** page.
2. Click the edit icon on the container.
![Edit](images/container_edit.png)
The system displays the container's details and some operations you can run on the container.
3. Scroll down to the ports section.
You'll see an IP address with port `80` for the server.
4. Copy the IP address to your browser and paste the information you copied.
You should see the welcome message for nginx.
![Port 80](images/welcome_nginx.png)
## Step 11. Deploy with the CLI ## Step 11. Deploy with the CLI