This is a simple guide to deploying some SLES hosts, configuring them to allow deployment of Docker Engines along with configuration to allow Docker Datacenter to be deployed on the platform. It’s also possible to deploy the components using Docker for Mac/Windows as detailed here.
Disclaimer: This is in “no way” an official or supported procedure for deploying Docker CaaS.
I’ve had Docker DataCenter in about 75% of my emails over the last few months and it’s certainly been something that has been on my to-do list to get a private (lab) deployment done. Given the HPE and SuSE announcement in September I decided that I would see how easy it would be to have my deployment on a few SLES hosts, turns out it’s surprisingly simple (although, I was expecting something like OpenStack deployments a few years ago 😕 )
Also, if you’re just looking to *just* deploy Docker DataCenter then ignore the Host configuration steps.
SuSE Linux Enterprise Server (SLES) is a pretty locked down beast and will require a few things modified before it can run as a Docker host.
The installation was done through the CD images, although it you want to automate the procedure it’s a case of configuring your AutoYast to deploy the correct SuSE patterns. As you step through the installation screens there are a couple of screens to be aware of:
Under the Software headline, deselect the patterns GNOME Desktop Environment and X Windows System as we won’t be needing a GUI or full desktop environment. Also under the Firewall and SSH headline, the SSH port is blocked by default and that means you won’t be able to SSH into your server once the Operating System has been installed so click (open).
So after my installation I ended up with two hosts (that can happily ping and resolve one another etc.):
ddc01 192.168.0.140 / 255.255.255.0
ddc02 192.168.0.141 / 255.255.255.0
The next step is to allow the myriad of ports required for UCP and DTR, this is quite simple and consists of opening up the file
/etc/sysconfig/SuSEfirewall2 and modifying it to look like the following:
FW_SERVICES_EXT_TCP="443 2376 2377 12376 12379:12386"
Once this change has been completed, the firewall rules will be re-read by using the command
Follow the instructions here, no point copying it twice.
I’m still waiting for my 60-day registration to arrive from SuSE , so in the meantime I decided to start adding other Repositories to deploy applications. NOTE: As this isn’t coming from a Enterprise repository it certainly won’t be supported.
So the quickest way of getting the latest Docker on a SLES system is to have the latest OpenSuSe repository added, the following two lines will add the repository and add Docker:
zypper ar -f http://download.opensuse.org/tumbleweed/repo/oss/ oss
zipper in docker
Docker version 1.12.1, build 8eab29e
To recap, we have a number of hosts configured that have network connectivity and the firewall ports open and finally we’ve Docker installed and ready to deploy containers.
On our first node
ddc01, we deploy the UCP installer, which automates the pulling of additional containers that make up the UCP.
docker run --rm -it --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp install -i --host-address 192.168.0.140
Errors to watch for:
FATA The following required ports are blocked on your host: 12376. Check your firewall settings.
.. Make sure that you’ve edited the firewall configuration and reloaded the rules
WARNING: IPv4 forwarding is disabled. Networking will not work.
Enable IPv4 forwarding in the yast routing configuration.
Once the installation starts it will ask you for a password for the admin user, for this example the password I set was ‘password’ however I highly recommend that you choose something a little more secure. The installer will also give you the option to set additional SANs for the TLS certificates for additional domain names.
The installation will complete, and in my environment i’ll be able to connect to my UCP by putting in the address of ddc01 in a web browser.
After logging into the UCP for the first time, the dashboard will display everything that the docker cluster is currently managing. There will be a number of containers displayed as they make up the UCP (UCP web server, etcd, swarm manager, swarm client etc…). Adding in additional nodes is as simple as adding in Docker workers to a swarm cluster, possibly simpler as the UCP provides you with a command that can be copied and pasted on all further nodes to add them to the cluster.
Note: The UCP needs a license adding, otherwise additional nodes will fail during the add process.
ddc02 install the Docker Trusted Registry as it’s not supported or recommended to have the UCP and the DTR on the same nodes.
ddc02 we download UCP certificate.
curl -k https://192.168.0.140/ca > ucp-ca.pem
To then install the DTR, run this docker command and it will pull down the containers and add the registry to the control plane.
docker run -it --rm docker/dtr install --ucp-url http://192.168.0.140 \
--ucp-node ddc02 \
--dtr-external-url 192.168.0.141 \
--ucp-username admin \
--ucp-password password \
--ucp-ca "$(cat ucp-ca.pem)"
With all this completed we have a the following:
I was pleasantly surprised about the simplicity of deploying the components that make up Docker Datacenter. Although it looks a little bit like the various components are running behind the new functionality that has been added to the Docker engine, this is evident in that UCP doesn’t use swarm that is part of 1.12 and wastes a little bit of resource in deploying additional containers to provide the swarm clustering.
It would be nice in the future to provide a more feature rich UI that provides workflow capabilities to compose applications. As currently it’s based upon hand crafting compose files in YAML, that you can copy and paste into the UCP or upload your existing compose files. However the UCP provides an excellent overview of your deployed applications and the current status of containers (logs and statistics).