This is a simple guide to deploying some SLES hosts, configuring them to allow deployment of Docker Engines along with configuration to allow Docker Datacenter to be deployed on the platform. It’s also possible to deploy the components using Docker for Mac/Windows as detailed here.
Disclaimer: This is in “no way” an official or supported procedure for deploying Docker CaaS.
I’ve had Docker DataCenter in about 75% of my emails over the last few months and it’s certainly been something that has been on my to-do list to get a private (lab) deployment done. Given the HPE and SuSE announcement in September I decided that I would see how easy it would be to have my deployment on a few SLES hosts, turns out it’s surprisingly simple (although, I was expecting something like OpenStack deployments a few years ago 😕 )
Also, if you’re just looking to *just* deploy Docker DataCenter then ignore the Host configuration steps.
- 1-2 large cups of tea (depends on any typing mistakes)
- 2 or more SLES hosts (virtual or physical makes no difference, 1vCPU and 2GB RAM, 16GB disk) mine were all built from
- A SuSE product registration, 60 day free is fine (can take 24 hours for the email to arrive) *OPTIONAL*
- A Docker Datacenter license 60 day trial is minimum *REQUIRED*
- An internet connection? (it’s 2016 … )
Configuring your hosts
SuSE Linux Enterprise Server (SLES) is a pretty locked down beast and will require a few things modified before it can run as a Docker host.
SLES 12 SP1 Installation
The installation was done through the CD images, although if you want to automate the procedure it’s a case of configuring your AutoYaST to deploy the correct SuSE patterns. As you step through the installation screens there are a couple of screens to be aware of:
- Product Registration: If you have the codes then add them in here, it simplifies installing Docker later. ALSO, this is where the Network Settings are hidden 😈 So either set your static networking here or alternatively it can be done through yast on the cli (details here). Ensure on the routing page that IPv4 Forwarding is enabled for Docker networking.
- Installation Settings: The defaults can leave you with a system you can’t connect to.
Under the Software headline, deselect the patterns GNOME Desktop Environment and X Windows System as we won’t be needing a GUI or full desktop environment. Also under the Firewall and SSH headline, the SSH port is blocked by default and that means you won’t be able to SSH into your server once the Operating System has been installed so click (open).
So after my installation I ended up with two hosts (that can happily ping and resolve one another etc.):
ddc01 192.168.0.140 / 255.255.255.0
ddc02 192.168.0.141 / 255.255.255.0
The next step is to allow the myriad of ports required for UCP and DTR. This is quite simple and consists of opening up the file /etc/sysconfig/SuSEfirewall2 and modifying it to look like the following:
FW_SERVICES_EXT_TCP="443 2376 2377 12376 12379:12386"
Once this change has been completed, the firewall rules will be re-read by using the command
Installing Docker with a Product registration
Follow the instructions here, no point copying it twice.
Installing Docker without a Product registration
I’m still waiting for my 60-day registration to arrive from SuSE, so in the meantime I decided to start adding other Repositories to deploy applications. NOTE: As this isn’t coming from an Enterprise repository it certainly won’t be supported.
So the quickest way of getting the latest Docker on a SLES system is to have the latest openSUSE repository added. The following two lines will add the repository and install Docker:
zypper ar -f http://download.opensuse.org/tumbleweed/repo/oss/ oss
zypper in docker
Docker version 1.12.1, build 8eab29e
To recap, we have a number of hosts configured that have network connectivity and the firewall ports open and finally we’ve Docker installed and ready to deploy containers.
Deploying Docker Datacenter
Deploying the Universal Control Plane (UCP)
On our first node ddc01, we deploy the UCP installer, which automates the pulling of additional containers that make up the UCP.
docker run --rm -it --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp install -i --host-address 192.168.0.140
Errors to watch for:
FATA The following required ports are blocked on your host: 12376. Check your firewall settings.
Make sure that you’ve edited the firewall configuration and reloaded the rules.
WARNING: IPv4 forwarding is disabled. Networking will not work.
Enable IPv4 forwarding in the yast routing configuration.
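A pre-flight check for the two errors above, added here as an example and not part of the original post: it reads FW_SERVICES_EXT_TCP from a SuSEfirewall2 config file, lists any of the ports this page opens that are not covered (expanding low:high ranges), and reads the IPv4 forwarding flag. The function names and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Ports opened earlier on this page for UCP/DTR (12379:12386 written out).
REQUIRED_PORTS="443 2376 2377 12376 12379 12380 12381 12382 12383 12384 12385 12386"

# Print the value of the last FW_SERVICES_EXT_TCP="..." assignment in file $1.
fw_ext_tcp() {
    sed -n 's/^FW_SERVICES_EXT_TCP="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Return 0 if port $1 is covered by list $2 (single ports or low:high ranges).
port_covered() {
    for entry in $2; do
        case "$entry" in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0 ;;
            *)   [ "$1" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Print the required ports that config file $1 does not open (empty = all open).
missing_ports() {
    allowed=$(fw_ext_tcp "$1")
    missing=""
    for p in $REQUIRED_PORTS; do
        port_covered "$p" "$allowed" || missing="$missing $p"
    done
    echo "${missing# }"
}

# Return 0 if the flag file $1 (default: the live /proc entry) reads 1.
ipv4_forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample: 12376 is absent and the range stops one port short.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed SuSEfirewall2 fragment
FW_SERVICES_EXT_TCP="22 443 2376 2377 12379:12385"
EOF
echo "missing ports: $(missing_ports "$sample")"
ipv4_forwarding_on && echo "IPv4 forwarding: on" || echo "IPv4 forwarding: off"
rm -f "$sample"
```

On a real host, point missing_ports at /etc/sysconfig/SuSEfirewall2 before running the UCP installer.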
Once the installation starts it will ask you for a password for the admin user, for this example the password I set was ‘password’ however I highly recommend that you choose something a little more secure. The installer will also give you the option to set additional SANs for the TLS certificates for additional domain names.
The installation will complete, and in my environment I’ll be able to connect to my UCP by putting in the address of ddc01 in a web browser.
Adding nodes to the UCP
After logging into the UCP for the first time, the dashboard will display everything that the docker cluster is currently managing. There will be a number of containers displayed as they make up the UCP (UCP web server, etcd, swarm manager, swarm client etc…). Adding in additional nodes is as simple as adding in Docker workers to a swarm cluster, possibly simpler as the UCP provides you with a command that can be copied and pasted on all further nodes to add them to the cluster.
Note: The UCP needs a license adding, otherwise additional nodes will fail during the add process.
Deploying the Docker Trusted Registry (DTR)
On ddc02, install the Docker Trusted Registry, as it’s not supported or recommended to have the UCP and the DTR on the same nodes.
On ddc02 we download the UCP certificate.
curl -k https://192.168.0.140/ca > ucp-ca.pem
To then install the DTR, run this docker command and it will pull down the containers and add the registry to the control plane.
docker run -it --rm docker/dtr install --ucp-url http://192.168.0.140 \
--ucp-node ddc02 \
--dtr-external-url 192.168.0.141 \
--ucp-username admin \
--ucp-password password \
--ucp-ca "$(cat ucp-ca.pem)"
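Because `curl -k` skips TLS verification, the ucp-ca.pem saved above is trusted on first use. The following added example (not part of the original post) checks the downloaded file against a SHA-256 pin before it is passed to --ucp-ca. It assumes the pin was computed over the same file on ddc01 and carried over out of band; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Return 0 only if file $1 is a complete PEM certificate whose SHA-256
# (of the file bytes) equals pin $2. Colons and upper case in $2 are tolerated.
# Exit codes: 1 = pin mismatch, 2 = not a usable certificate file.
verify_ca_pin() {
    file=$1
    want=$(printf '%s' "$2" | tr -d ': \n' | tr 'A-F' 'a-f')
    # curl without -f saves whatever the server returned, e.g. an error page.
    first=$(head -n 1 "$file" 2>/dev/null | tr -d '\r')
    [ "$first" = "-----BEGIN CERTIFICATE-----" ] || {
        echo "not a PEM certificate: $file" >&2; return 2; }
    grep -q '^-----END CERTIFICATE-----' "$file" || {
        echo "truncated certificate: $file" >&2; return 2; }
    got=$(sha256sum "$file" | cut -d' ' -f1)
    [ ${#want} -eq 64 ] && [ "$got" = "$want" ] && return 0
    echo "pin mismatch: got $got" >&2
    return 1
}

# Constructed stand-in for ucp-ca.pem; the body is a placeholder, not a real cert.
ca=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$ca"
# In practice this value comes from ddc01, not from the file being checked.
pin=$(sha256sum "$ca" | cut -d' ' -f1)
verify_ca_pin "$ca" "$pin" && echo "pin ok, safe to pass to --ucp-ca"

# A saved error page instead of a certificate is rejected before the pin check.
echo '<html>502 Bad Gateway</html>' > "$ca"
verify_ca_pin "$ca" "$pin" 2>/dev/null || echo "rejected (exit $?)"
rm -f "$ca"
```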
With all this completed we have the following:
- A number of configured hosts with correct firewall rules.
- Docker Engine, that starts and stops the containers
- Docker Swarm, clusters together the Docker Engines (it’s worth noting that it’s not the built-in swarm in 1.12 and it still uses the swarm container to link together engines)
- Docker DTR, the platform for hosting Docker images to be deployed on the engines
- Docker UCP, as the front end to the entire platform.
I was pleasantly surprised about the simplicity of deploying the components that make up Docker Datacenter. Although it looks a little bit like the various components are running behind the new functionality that has been added to the Docker engine, this is evident in that UCP doesn’t use swarm that is part of 1.12 and wastes a little bit of resource in deploying additional containers to provide the swarm clustering.
It would be nice in the future to provide a more feature-rich UI that provides workflow capabilities to compose applications, as currently it’s based upon hand crafting compose files in YAML that you can copy and paste into the UCP, or uploading your existing compose files. However, the UCP provides an excellent overview of your deployed applications and the current status of containers (logs and statistics).