Setting Up Docker Enterprise with Universal Control Plane and Trusted Registry

Hands-On Lab

 

Will Boyd

DevOps Team Lead in Content

Length

02:00:00

Difficulty

Intermediate

Docker Enterprise Edition (Docker EE) provides a wide variety of enterprise-level features for managing containers. Universal Control Plane (UCP) delivers a feature-packed interface for the Docker EE cluster that allows us to orchestrate containers with ease. Docker Trusted Registry (DTR) is also a feature-rich registry with an immense range of security measures and customization capabilities. In this lab, we will work with Docker EE components by building our own Docker EE cluster on a set of Linux servers. Along the way, we will practice installing and configuring the Docker EE engine, UCP, and DTR.

Introduction

In this lab, we will work with Docker EE components by building our own Docker EE cluster on a set of Linux servers, installing and configuring the Docker EE engine, UCP, and DTR along the way.

Solution

Log in to the lab server using the credentials provided on the hands-on lab page:

ssh cloud_user@PUBLIC_IP_ADDRESS

Install Docker EE on All Three Servers

Note: Perform the following steps on all three servers:

  1. Start a free trial for Docker EE:

    If you don't have a Docker EE trial already started, then launch one here: https://hub.docker.com/editions/enterprise/docker-ee-trial. This free trial lasts up to a month, but another one can be started right after it expires.

  2. Go to https://hub.docker.com/my-content and retrieve a unique URL for Docker EE.

  3. Click Setup.

  4. Copy the URL generated for Docker EE.

  5. Set a few environment variables. Ensure that the unique URL generated for Docker EE is also used here:

    DOCKER_EE_URL=<YOUR_DOCKER_EE_URL>
    DOCKER_EE_VERSION=18.09

  6. Install the required packages:

    sudo apt-get install -y \
       apt-transport-https \
       ca-certificates \
       curl \
       software-properties-common

  7. Add the GPG key and repository using the unique URL for Docker EE:

    curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -

    sudo add-apt-repository \
      "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu \
      $(lsb_release -cs) \
      stable-$DOCKER_EE_VERSION"

  8. Install Docker EE:

    sudo apt-get update
    
    sudo apt-get install -y docker-ee=5:18.09.4~3-0~ubuntu-bionic

  9. Add cloud_user to the docker group so that it can run Docker commands:

    sudo usermod -a -G docker cloud_user

    Log out and log back in again so that the new group membership takes effect.

  10. Test the Docker EE installation to verify that it's working:

    docker version

Set Up the UCP Manager

Note: Perform the following steps on the UCP manager server:

  1. Pull the UCP image:

    docker image pull docker/ucp:3.1.5

  2. Set an environment variable to the private IP address of the UCP manager server:

    PRIVATE_IP=10.0.1.101

  3. Use the UCP image for the installation:

    docker container run --rm -it --name ucp \
      -v /var/run/docker.sock:/var/run/docker.sock \
      docker/ucp:3.1.5 install \
      --host-address $PRIVATE_IP \
      --interactive

  4. Enter new admin credentials when prompted, and then take note of them as we will need them later on in this lab.

  5. Once the installation completes, a prompt will appear for additional aliases; press Enter to select the default.

  6. In a web browser, go to https://[UCP manager Public IP] to access the UCP manager.

    Note: A warning about the self-signed certificate's validity may appear. This notification can be disregarded; for example, in Google Chrome, click Advanced, and then click Proceed to bypass it.

  7. Use the admin credentials that were created during the initial setup process to log in.

  8. A prompt will appear asking for a license file. Keep the UCP tab open and use a new tab to download the license.

  9. Go to the Docker site: https://hub.docker.com/my-content to retrieve the license file.

  10. Click Setup.

  11. Under the Resources section, click License Key to download the required license file.

  12. Click Upload License.

  13. Return to UCP manager in a web browser and insert the license file that was obtained from Docker Hub.
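
For the certificate warning in step 6, the following added example (not part of the original lab) compares the certificate an endpoint presents with a fingerprint obtained out of band before the warning is accepted. The function names are hypothetical, and the exact output format of the UCP image's `fingerprint` subcommand is assumed; the normalizer strips any `label=` prefix.

```shell
#!/usr/bin/env bash
# Added example: pin the self-signed UCP certificate by fingerprint.
# EXPECTED_FP is taken on the manager itself, e.g. from:
#   docker container run --rm --name ucp \
#     -v /var/run/docker.sock:/var/run/docker.sock docker/ucp:3.1.5 fingerprint
# (output format assumed; only the hex digits are compared).

# Reduce a fingerprint to bare uppercase hex so that
# "SHA256 Fingerprint=AB:CD", "ab:cd" and "ABCD" all compare equal.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Succeeds only if the first value is a complete SHA-256 fingerprint
# (64 hex digits) and both values are identical after normalization.
fingerprints_match() {
  local a b
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  case "$a" in *[!0-9A-F]*|'') return 2 ;; esac
  [ "${#a}" -eq 64 ] || return 2
  [ "$a" = "$b" ]
}

# SHA-256 fingerprint of the leaf certificate served at host:port.
remote_fp() {
  local host="$1" port="${2:-443}"
  openssl s_client -connect "${host}:${port}" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# check_endpoint HOST EXPECTED_FP [PORT]
check_endpoint() {
  local seen
  seen=$(remote_fp "$1" "${3:-443}") || return 2
  if fingerprints_match "$2" "$seen"; then
    echo "OK: $1 presents the expected certificate"
  else
    echo "MISMATCH: $1 presented $(normalize_fp "$seen")" >&2
    return 1
  fi
}
```

Run `check_endpoint PUBLIC_IP "$EXPECTED_FP"` from the workstation; the fingerprint shown in the browser's certificate details can be compared against the same value.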

Add Both UCP Workers to the Cluster

  1. Navigate back to the UCP manager interface in a web browser to retrieve the worker join command. We will also generate a docker swarm join command that can be copied.
  2. Click Shared Resources.
  3. Click Nodes.
  4. Click Add Node.
  5. Apply the following values on the Add Node page:
    • Node type: Linux
    • Node role: Worker
  6. Run the join command on both of the worker nodes.
  7. Copy the docker swarm join command obtained from the UCP manager and run it on both of the worker nodes.

Set Up Docker Trusted Registry

Get the DTR setup command from the UCP manager by performing the following steps:

  1. Access the UCP manager from a web browser.

  2. Click Admin > Admin Settings.

  3. Click Docker Trusted Registry.

  4. On the Admin Settings page locate the UCP Node section.

  5. Click ip-10-0-1-102.

  6. Click the checkbox labeled Disable TLS verification for UCP.

  7. The UCP page will generate a docker run command that can be copied.

    Note: To run the setup command, we need to modify the command provided by the UCP manager.

  8. In the line with the flag --ucp-url, we will see the public IP of the UCP manager. With a text editor, such as https://www.editpad.org/, replace the public IP with the UCP manager private IP 10.0.1.101.

  9. Paste and run the modified command on the DTR worker server.

  10. When prompted for the ucp-password, enter the admin password that was created when we set up the UCP manager.

  11. Access DTR from a web browser by entering: https://DTR_WORKER_PUBLIC_IP.

    Note: A warning about the self-signed certificate's validity may appear. This notification can be disregarded; for example, in Google Chrome, click Advanced, and then click Proceed to bypass it.

    Use the same admin credentials that we created when setting up the UCP manager to log in.
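
The edit in step 8 can also be made locally on the DTR worker. This added example (not part of the original lab) rewrites only the host in `--ucp-url`; the function name, the sample command text, the `VERSION` placeholder and the address 203.0.113.10 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: point --ucp-url at the UCP manager's private IP without
# retyping the generated command by hand.

# Constructed sample of a generated DTR install command (not real output).
SAMPLE_CMD='docker run -it --rm docker/dtr:VERSION install \
  --ucp-node ip-10-0-1-102 \
  --ucp-username admin \
  --ucp-url https://203.0.113.10 \
  --ucp-insecure-tls'

# rewrite_ucp_url PRIVATE_IP   (command text on stdin, rewritten text on stdout)
rewrite_ucp_url() {
  local ip="$1" cmd
  # Accept digits and dots only, so the value cannot carry sed syntax or
  # extra shell words into the command that will be executed.
  case "$ip" in *[!0-9.]*|'') echo "bad IP: $ip" >&2; return 2 ;; esac
  cmd=$(cat)
  # Fail loudly if the flag is absent instead of returning an unchanged command.
  printf '%s\n' "$cmd" | grep -Eq -- '--ucp-url[ =]' ||
    { echo "no --ucp-url flag found" >&2; return 1; }
  # Replace the host only; scheme, port and path are preserved.
  printf '%s\n' "$cmd" |
    sed -E "s#(--ucp-url[ =]+(https?://)?)[^ :/]+#\\1${ip}#"
}
```

Save the command copied from UCP to a file and run `rewrite_ucp_url 10.0.1.101 < dtr-install.txt`, then review the output before executing it.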

Conclusion

Congratulations — you've completed this hands-on lab!