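# What we will do
Build a Docker registry on EC2.
Docker Enterprise Edition 2.1 is used.
DTR is used as the Docker registry software.
The server is built on AWS.

# Terminology
- Docker registry: the place where Docker images are stored
- Docker Hub: the official Docker registry (https://hub.docker.com/)
- DTR (Docker Trusted Registry): the private Docker registry built in this article
- UCP (Universal Control Plane): the component that includes the UI and other tools for operating DTR

# Version matrix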
OS Distribution(x86_64) | Enterprise Engine | UCP | DTR | Storage Driver | Orchestration | DTR Storage Backend |
---|---|---|---|---|---|---|
RHEL 7.4 | 18.09.x | 3.1.x | 2.6.x | overlay2, devicemapper | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
RHEL 7.5 | 18.09.x | 3.1.x | 2.6.x | overlay2 | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
RHEL 7.6 | 18.09.x | 3.1.x starting with 3.1.3 | 2.6.x starting with 2.6.2 | overlay2 | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |

# Build procedure
1. Build the EC2 instance
2. Install Docker Engine EE
3. Install UCP
4. Install DTR

# 1. Build the EC2 instance
AMI: RHEL-7.5_HVM_GA-20180322-x86_64-1-Hourly2-GP2 (ami-6b0d5f0d)
Instance type: t2.2xlarge
Note: DTR requirements (minimum / recommended)
Memory: 16GB / 16GB
CPU: 2 CPU / 4 CPU
Disk: 10GB / 25-100GB
Reference URL: https://docs.docker.com/ee/dtr/admin/install/system-requirements/

# 2. Install Docker Engine EE
Docker EE can be obtained from Docker Hub.
EE can be used as a trial version for one month only, so download it.
https://hub.docker.com/search/?q=&type=edition&offering=enterprise
Note: an account is required.
- After opening the URL above:
Select Docker Enterprise (Red Hat Enterprise Linux).
Select Start 1 Month Trial.
Select License Key and download it.
The URL shown under "Copy and paste this URL to download your Edition" is the Docker EE repository, so copy it.
With the license downloaded, proceed with the installation.
```console
$ sudo -s
# export DOCKERURL="<repository URL>"
# sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'
# sh -c 'echo "7.5" > /etc/yum/vars/dockerosversion'
# yum install -y yum-utils device-mapper-persistent-data lvm2
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
rhui-REGION-client-config-server-7 | 2.9 kB 00:00:00
rhui-REGION-rhel-server-releases | 3.5 kB 00:00:00
rhui-REGION-rhel-server-rh-common | 3.8 kB 00:00:00
(1/7): rhui-REGION-client-config-server-7/x86_64/primary_db | 3.3 kB 00:00:00
(2/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/group | 124 B 00:00:00
(3/7): rhui-REGION-rhel-server-releases/7Server/x86_64/group | 774 kB 00:00:00
(4/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/primary_db | 117 kB 00:00:00
(5/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/updateinfo | 33 kB 00:00:00
(6/7): rhui-REGION-rhel-server-releases/7Server/x86_64/updateinfo | 3.2 MB 00:00:00
(7/7): rhui-REGION-rhel-server-releases/7Server/x86_64/primary_db | 57 MB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package device-mapper-persistent-data.x86_64 0:0.7.3-3.el7 will be installed
--> Processing Dependency: libaio.so.1(LIBAIO_0.1)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1(LIBAIO_0.4)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1()(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
---> Package lvm2.x86_64 7:2.02.180-10.el7_6.8 will be installed
--> Processing Dependency: lvm2-libs = 7:2.02.180-10.el7_6.8 for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02(Base)(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: liblvm2app.so.2.2(Base)(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02()(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: liblvm2app.so.2.2()(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
---> Package yum-utils.noarch 0:1.1.31-45.el7 will be updated
---> Package yum-utils.noarch 0:1.1.31-50.el7 will be an update
--> Running transaction check
---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8 will be installed
---> Package libaio.x86_64 0:0.3.109-13.el7 will be installed
---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.8 will be installed
--> Processing Dependency: device-mapper-event = 7:1.02.149-10.el7_6.8 for package: 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64
--> Running transaction check
---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.8 will be installed
--> Processing Dependency: device-mapper = 7:1.02.149-10.el7_6.8 for package: 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.146-4.el7 will be updated
--> Processing Dependency: device-mapper = 7:1.02.146-4.el7 for package: 7:device-mapper-libs-1.02.146-4.el7.x86_64
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.8 will be an update
--> Running transaction check
---> Package device-mapper-libs.x86_64 7:1.02.146-4.el7 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Installing:
device-mapper-persistent-data x86_64 0.7.3-3.el7 rhui-REGION-rhel-server-releases 405 k
lvm2 x86_64 7:2.02.180-10.el7_6.8 rhui-REGION-rhel-server-releases 1.3 M
Updating:
yum-utils noarch 1.1.31-50.el7 rhui-REGION-rhel-server-releases 121 k
Installing for dependencies:
device-mapper-event x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 189 k
device-mapper-event-libs x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 188 k
libaio x86_64 0.3.109-13.el7 rhui-REGION-rhel-server-releases 24 k
lvm2-libs x86_64 7:2.02.180-10.el7_6.8 rhui-REGION-rhel-server-releases 1.1 M
Updating for dependencies:
device-mapper x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 293 k
device-mapper-libs x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 321 k
Transaction Summary
============================================================================================================
Install 2 Packages (+4 Dependent packages)
Upgrade 1 Package (+2 Dependent packages)
Total download size: 3.9 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/9): device-mapper-1.02.149-10.el7_6.8.x86_64.rpm | 293 kB 00:00:00
(2/9): device-mapper-event-1.02.149-10.el7_6.8.x86_64.rpm | 189 kB 00:00:00
(3/9): device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64.rpm | 188 kB 00:00:00
(4/9): device-mapper-libs-1.02.149-10.el7_6.8.x86_64.rpm | 321 kB 00:00:00
(5/9): device-mapper-persistent-data-0.7.3-3.el7.x86_64.rpm | 405 kB 00:00:00
(6/9): libaio-0.3.109-13.el7.x86_64.rpm | 24 kB 00:00:00
(7/9): lvm2-libs-2.02.180-10.el7_6.8.x86_64.rpm | 1.1 MB 00:00:00
(8/9): lvm2-2.02.180-10.el7_6.8.x86_64.rpm | 1.3 MB 00:00:00
(9/9): yum-utils-1.1.31-50.el7.noarch.rpm | 121 kB 00:00:00
------------------------------------------------------------------------------------------------------------
Total 7.1 MB/s | 3.9 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 7:device-mapper-1.02.149-10.el7_6.8.x86_64 1/12
Updating : 7:device-mapper-libs-1.02.149-10.el7_6.8.x86_64 2/12
Installing : 7:device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64 3/12
Installing : libaio-0.3.109-13.el7.x86_64 4/12
Installing : device-mapper-persistent-data-0.7.3-3.el7.x86_64 5/12
Installing : 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64 6/12
Installing : 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64 7/12
Installing : 7:lvm2-2.02.180-10.el7_6.8.x86_64 8/12
Updating : yum-utils-1.1.31-50.el7.noarch 9/12
Cleanup : yum-utils-1.1.31-45.el7.noarch 10/12
Cleanup : 7:device-mapper-1.02.146-4.el7.x86_64 11/12
Cleanup : 7:device-mapper-libs-1.02.146-4.el7.x86_64 12/12
Verifying : device-mapper-persistent-data-0.7.3-3.el7.x86_64 1/12
Verifying : 7:device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64 2/12
Verifying : 7:device-mapper-libs-1.02.149-10.el7_6.8.x86_64 3/12
Verifying : yum-utils-1.1.31-50.el7.noarch 4/12
Verifying : 7:lvm2-2.02.180-10.el7_6.8.x86_64 5/12
Verifying : 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64 6/12
Verifying : libaio-0.3.109-13.el7.x86_64 7/12
Verifying : 7:device-mapper-1.02.149-10.el7_6.8.x86_64 8/12
Verifying : 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64 9/12
Verifying : 7:device-mapper-1.02.146-4.el7.x86_64 10/12
Verifying : yum-utils-1.1.31-45.el7.noarch 11/12
Verifying : 7:device-mapper-libs-1.02.146-4.el7.x86_64 12/12
Installed:
device-mapper-persistent-data.x86_64 0:0.7.3-3.el7 lvm2.x86_64 7:2.02.180-10.el7_6.8
Dependency Installed:
device-mapper-event.x86_64 7:1.02.149-10.el7_6.8 device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8
libaio.x86_64 0:0.3.109-13.el7 lvm2-libs.x86_64 7:2.02.180-10.el7_6.8
Updated:
yum-utils.noarch 0:1.1.31-50.el7
Dependency Updated:
device-mapper.x86_64 7:1.02.149-10.el7_6.8 device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8
Complete!
#
```
The standard repositories alone are not enough to install Docker Engine, so enable the extras repository.
```console
# yum-config-manager --enable rhel-7-server-extras-rpms
Loaded plugins: amazon-id, rhui-lb
#
```
The following step is specific to AWS.
It enables the extras repository.
The procedure differs by cloud vendor.
```console
# yum-config-manager --enable rhui-REGION-rhel-server-extras
Loaded plugins: amazon-id, rhui-lb
=================================== repo: rhui-REGION-rhel-server-extras =================================
[rhui-REGION-rhel-server-extras]
async = True
bandwidth = 0
base_persistdir = /var/lib/yum/repos/x86_64/7Server
baseurl =
cache = 0
cachedir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras
check_config_file_age = True
compare_providers_priority = 80
cost = 1000
deltarpm_metadata_percentage = 100
deltarpm_percentage =
enabled = 1
enablegroups = True
exclude =
failovermethod = priority
ftp_disable_epsv = False
gpgcadir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras/gpgcadir
gpgcakey =
gpgcheck = True
gpgdir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras/gpgdir
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
hdrdir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras/headers
http_caching = all
includepkgs =
ip_resolve =
keepalive = True
keepcache = False
mddownloadpolicy = sqlite
mdpolicy = group:small
mediaid =
metadata_expire = 21600
metadata_expire_filter = read-only:present
metalink =
minrate = 0
mirrorlist = https://rhui2-cds01.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/7/7Ser r/x86_64/extras/os
mirrorlist_expire = 86400
name = Red Hat Enterprise Linux Server 7 Extra(RPMs)
old_base_cache_dir =
password =
persistdir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras
pkgdir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras/packages
proxy = False
proxy_dict =
proxy_password =
proxy_username =
repo_gpgcheck = False
retries = 10
skip_if_unavailable = False
ssl_check_cert_permissions = True
sslcacert = /etc/pki/rhui/cdn.redhat.com-chain.crt
sslclientcert = /etc/pki/rhui/product/content-rhel7.crt
sslclientkey = /etc/pki/rhui/content-rhel7.key
sslverify = True
throttle = 0
timeout = 30.0
ui_id = rhui-REGION-rhel-server-extras/7Server/x86_64
ui_repoid_vars = releasever,
basearch
username =
```
Enable the repository for Docker Engine.
```console
# yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"
Loaded plugins: amazon-id, rhui-lb
adding repo from: https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/docker-ee.repo
grabbing file https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/docker-ee.repo to /etc/yum.repos.d/docker-ee.repo
repo saved to /etc/yum.repos.d/docker-ee.repo
#
```
The repositories are ready, so run the installation.
```console
# yum -y install docker-ee docker-ee-cli containerd.io
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
docker-ee-stable-18.09 | 3.5 kB 00:00:00
rhui-REGION-rhel-server-extras | 3.4 kB 00:00:00
rhui-REGION-rhel-server-releases | 3.5 kB 00:00:00
rhui-REGION-rhel-server-rh-common | 3.8 kB 00:00:00
(1/5): rhui-REGION-rhel-server-extras/7Server/x86_64/group | 124 B 00:00:00
(2/5): rhui-REGION-rhel-server-extras/7Server/x86_64/updateinfo | 200 kB 00:00:00
(3/5): rhui-REGION-rhel-server-extras/7Server/x86_64/primary_db | 536 kB 00:00:00
(4/5): docker-ee-stable-18.09/x86_64/updateinfo | 55 B 00:00:01
(5/5): docker-ee-stable-18.09/x86_64/primary_db | 14 kB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package containerd.io.x86_64 0:1.2.6-3.3.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.2.6-3.3.el7.x86_64
---> Package docker-ee.x86_64 3:18.09.7-3.el7 will be installed
---> Package docker-ee-cli.x86_64 1:18.09.7-3.el7 will be installed
--> Running transaction check
---> Package container-selinux.noarch 2:2.99-1.el7_6 will be installed
--> Processing Dependency: selinux-policy >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Processing Dependency: selinux-policy-base >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Processing Dependency: selinux-policy-targeted >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-192.el7 will be updated
---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.12 will be an update
--> Processing Dependency: libsemanage >= 2.5-13 for package: selinux-policy-3.13.1-229.el7_6.12.noarch
--> Processing Dependency: policycoreutils >= 2.5-24 for package: selinux-policy-3.13.1-229.el7_6.12.noarch
---> Package selinux-policy-targeted.noarch 0:3.13.1-192.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.12 will be an update
--> Running transaction check
---> Package libsemanage.x86_64 0:2.5-11.el7 will be updated
--> Processing Dependency: libsemanage = 2.5-11.el7 for package: libsemanage-python-2.5-11.el7.x86_64
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
--> Processing Dependency: libselinux >= 2.5-14 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol >= 2.5-10 for package: libsemanage-2.5-14.el7.x86_64
---> Package policycoreutils.x86_64 0:2.5-22.el7 will be updated
--> Processing Dependency: policycoreutils = 2.5-22.el7 for package: policycoreutils-python-2.5-22.el7.x86_64
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package libselinux.x86_64 0:2.5-12.el7 will be updated
--> Processing Dependency: libselinux(x86-64) = 2.5-12.el7 for package: libselinux-python-2.5-12.el7.x86_64
---> Package libselinux.x86_64 0:2.5-14.1.el7 will be an update
---> Package libselinux-utils.x86_64 0:2.5-12.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-14.1.el7 will be an update
---> Package libsemanage-python.x86_64 0:2.5-11.el7 will be updated
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be an update
---> Package libsepol.x86_64 0:2.5-8.1.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
---> Package policycoreutils-python.x86_64 0:2.5-22.el7 will be updated
---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package libselinux-python.x86_64 0:2.5-12.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-14.1.el7 will be an update
---> Package setools-libs.x86_64 0:3.3.8-2.el7 will be updated
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Installing:
containerd.io x86_64 1.2.6-3.3.el7 docker-ee-stable-18.09 26 M
docker-ee x86_64 3:18.09.7-3.el7 docker-ee-stable-18.09 21 M
docker-ee-cli x86_64 1:18.09.7-3.el7 docker-ee-stable-18.09 15 M
Installing for dependencies:
container-selinux noarch 2:2.99-1.el7_6 rhui-REGION-rhel-server-extras 39 k
Updating for dependencies:
libselinux x86_64 2.5-14.1.el7 rhui-REGION-rhel-server-releases 162 k
libselinux-python x86_64 2.5-14.1.el7 rhui-REGION-rhel-server-releases 236 k
libselinux-utils x86_64 2.5-14.1.el7 rhui-REGION-rhel-server-releases 152 k
libsemanage x86_64 2.5-14.el7 rhui-REGION-rhel-server-releases 151 k
libsemanage-python x86_64 2.5-14.el7 rhui-REGION-rhel-server-releases 113 k
libsepol x86_64 2.5-10.el7 rhui-REGION-rhel-server-releases 297 k
policycoreutils x86_64 2.5-29.el7_6.1 rhui-REGION-rhel-server-releases 916 k
policycoreutils-python x86_64 2.5-29.el7_6.1 rhui-REGION-rhel-server-releases 456 k
selinux-policy noarch 3.13.1-229.el7_6.12 rhui-REGION-rhel-server-releases 484 k
selinux-policy-targeted noarch 3.13.1-229.el7_6.12 rhui-REGION-rhel-server-releases 6.9 M
setools-libs x86_64 3.3.8-4.el7 rhui-REGION-rhel-server-releases 620 k
Transaction Summary
============================================================================================================
Install 3 Packages (+ 1 Dependent package)
Upgrade ( 11 Dependent packages)
Total download size: 72 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/15): container-selinux-2.99-1.el7_6.noarch.rpm | 39 kB 00:00:00
warning: /var/cache/yum/x86_64/7Server/docker-ee-stable-18.09/packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 76682bc9: NOKEY
Public key for containerd.io-1.2.6-3.3.el7.x86_64.rpm is not installed
(2/15): containerd.io-1.2.6-3.3.el7.x86_64.rpm | 26 MB 00:00:03
(3/15): docker-ee-18.09.7-3.el7.x86_64.rpm | 21 MB 00:00:03
(4/15): libselinux-2.5-14.1.el7.x86_64.rpm | 162 kB 00:00:00
(5/15): libselinux-utils-2.5-14.1.el7.x86_64.rpm | 152 kB 00:00:00
(6/15): libselinux-python-2.5-14.1.el7.x86_64.rpm | 236 kB 00:00:00
(7/15): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00
(8/15): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00
(9/15): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00
(10/15): policycoreutils-2.5-29.el7_6.1.x86_64.rpm | 916 kB 00:00:00
(11/15): policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm | 456 kB 00:00:00
(12/15): selinux-policy-3.13.1-229.el7_6.12.noarch.rpm | 484 kB 00:00:00
(13/15): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00
(14/15): selinux-policy-targeted-3.13.1-229.el7_6.12.noarch.rpm | 6.9 MB 00:00:00
(15/15): docker-ee-cli-18.09.7-3.el7.x86_64.rpm | 15 MB 00:00:02
------------------------------------------------------------------------------------------------------------
Total 11 MB/s | 72 MB 00:00:06
Retrieving key from https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/gpg
Importing GPG key 0x76682BC9:
Userid : "Docker Release (EE rpm) <docker@docker.com>"
Fingerprint: 77fe da13 1a83 1d29 a418 d3e8 99e5 ff2e 7668 2bc9
From : https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libsepol-2.5-10.el7.x86_64 1/26
Updating : libselinux-2.5-14.1.el7.x86_64 2/26
Updating : libsemanage-2.5-14.el7.x86_64 3/26
Updating : libselinux-utils-2.5-14.1.el7.x86_64 4/26
Updating : policycoreutils-2.5-29.el7_6.1.x86_64 5/26
Updating : selinux-policy-3.13.1-229.el7_6.12.noarch 6/26
Updating : selinux-policy-targeted-3.13.1-229.el7_6.12.noarch 7/26
Updating : libsemanage-python-2.5-14.el7.x86_64 8/26
Updating : setools-libs-3.3.8-4.el7.x86_64 9/26
Updating : libselinux-python-2.5-14.1.el7.x86_64 10/26
Updating : policycoreutils-python-2.5-29.el7_6.1.x86_64 11/26
Installing : 2:container-selinux-2.99-1.el7_6.noarch 12/26
Installing : containerd.io-1.2.6-3.3.el7.x86_64 13/26
Installing : 1:docker-ee-cli-18.09.7-3.el7.x86_64 14/26
Installing : 3:docker-ee-18.09.7-3.el7.x86_64 15/26
Cleanup : selinux-policy-targeted-3.13.1-192.el7.noarch 16/26
Cleanup : policycoreutils-python-2.5-22.el7.x86_64 17/26
Cleanup : selinux-policy-3.13.1-192.el7.noarch 18/26
Cleanup : policycoreutils-2.5-22.el7.x86_64 19/26
Cleanup : libselinux-utils-2.5-12.el7.x86_64 20/26
Cleanup : setools-libs-3.3.8-2.el7.x86_64 21/26
Cleanup : libselinux-python-2.5-12.el7.x86_64 22/26
Cleanup : libsemanage-python-2.5-11.el7.x86_64 23/26
Cleanup : libsemanage-2.5-11.el7.x86_64 24/26
Cleanup : libselinux-2.5-12.el7.x86_64 25/26
Cleanup : libsepol-2.5-8.1.el7.x86_64 26/26
Verifying : policycoreutils-2.5-29.el7_6.1.x86_64 1/26
Verifying : 1:docker-ee-cli-18.09.7-3.el7.x86_64 2/26
Verifying : setools-libs-3.3.8-4.el7.x86_64 3/26
Verifying : selinux-policy-targeted-3.13.1-229.el7_6.12.noarch 4/26
Verifying : selinux-policy-3.13.1-229.el7_6.12.noarch 5/26
Verifying : policycoreutils-python-2.5-29.el7_6.1.x86_64 6/26
Verifying : libsemanage-python-2.5-14.el7.x86_64 7/26
Verifying : libsemanage-2.5-14.el7.x86_64 8/26
Verifying : libsepol-2.5-10.el7.x86_64 9/26
Verifying : containerd.io-1.2.6-3.3.el7.x86_64 10/26
Verifying : libselinux-python-2.5-14.1.el7.x86_64 11/26
Verifying : libselinux-utils-2.5-14.1.el7.x86_64 12/26
Verifying : 2:container-selinux-2.99-1.el7_6.noarch 13/26
Verifying : libselinux-2.5-14.1.el7.x86_64 14/26
Verifying : 3:docker-ee-18.09.7-3.el7.x86_64 15/26
Verifying : libsemanage-python-2.5-11.el7.x86_64 16/26
Verifying : libsemanage-2.5-11.el7.x86_64 17/26
Verifying : libselinux-python-2.5-12.el7.x86_64 18/26
Verifying : setools-libs-3.3.8-2.el7.x86_64 19/26
Verifying : policycoreutils-2.5-22.el7.x86_64 20/26
Verifying : policycoreutils-python-2.5-22.el7.x86_64 21/26
Verifying : selinux-policy-targeted-3.13.1-192.el7.noarch 22/26
Verifying : libsepol-2.5-8.1.el7.x86_64 23/26
Verifying : selinux-policy-3.13.1-192.el7.noarch 24/26
Verifying : libselinux-2.5-12.el7.x86_64 25/26
Verifying : libselinux-utils-2.5-12.el7.x86_64 26/26
Installed:
containerd.io.x86_64 0:1.2.6-3.3.el7 docker-ee.x86_64 3:18.09.7-3.el7
docker-ee-cli.x86_64 1:18.09.7-3.el7
Dependency Installed:
container-selinux.noarch 2:2.99-1.el7_6
Dependency Updated:
libselinux.x86_64 0:2.5-14.1.el7 libselinux-python.x86_64 0:2.5-14.1.el7
libselinux-utils.x86_64 0:2.5-14.1.el7 libsemanage.x86_64 0:2.5-14.el7
libsemanage-python.x86_64 0:2.5-14.el7 libsepol.x86_64 0:2.5-10.el7
policycoreutils.x86_64 0:2.5-29.el7_6.1 policycoreutils-python.x86_64 0:2.5-29.el7_6.1
selinux-policy.noarch 0:3.13.1-229.el7_6.12 selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.12
setools-libs.x86_64 0:3.3.8-4.el7
Complete!
#
```
That completes the installation.
Start the Docker service.
```console
# systemctl start docker
# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2019-07-06 04:49:42 UTC; 4s ago
Docs: https://docs.docker.com
Main PID: 2341 (dockerd)
Tasks: 8
Memory: 31.7M
CGroup: /system.slice/docker.service
└─2341 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.52..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.52..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.68..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.76..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.81..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82...7
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.86..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal systemd[1]: Started Docker Application Cont....
Hint: Some lines were ellipsized, use -l to show in full.
#
```
While we are at it, test starting a container.
Start ubuntu.
```console
# docker run -it ubuntu bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
5b7339215d1d: Pull complete
14ca88e9f672: Pull complete
a31c3b1caad4: Pull complete
b054a26005b7: Pull complete
Digest: sha256:9b1702dcfe32c873a770a32cfd306dd7fc1c4fd134adfb783db68defc8894b3c
Status: Downloaded newer image for ubuntu:latest
root@13841ed1810a:/#
root@13841ed1810a:/# exit
exit
#
```
That completes Docker EE.

# 3. Install UCP
First, pull the UCP container image from Docker Hub.
```console
# docker image pull docker/ucp:3.1.8
3.1.8: Pulling from docker/ucp
c87736221ed0: Pull complete
831158f6c3f0: Pull complete
7eaca31ce090: Pull complete
Digest: sha256:048414d9d3fd5cc93b3a762582c2cea73b94ef5449072b16231f13b9e355c1e4
Status: Downloaded newer image for docker/ucp:3.1.8
#
```
With the image pulled, start the container.
```console
# docker container run --rm -it --name ucp \
> -v /var/run/docker.sock:/var/run/docker.sock \
> docker/ucp:3.1.8 install \
> --host-address <your IP address> \
> --interactive
INFO[0000] Your engine version 18.09.7, build b81f474 (3.10.0-862.el7.x86_64) is compatible with UCP 3.1.8 (b22346c)
Admin Username: <username>
Admin Password: <password>
Confirm Admin Password: <password>
INFO[0031] Pulling required images... (this may take a while)
INFO[0031] Pulling docker/ucp-etcd:3.1.8
INFO[0036] Pulling docker/ucp-agent:3.1.8
INFO[0040] Pulling docker/ucp-kube-compose:3.1.8
INFO[0044] Pulling docker/ucp-hyperkube:3.1.8
INFO[0059] Pulling docker/ucp-kube-dns:3.1.8
INFO[0063] Pulling docker/ucp-metrics:3.1.8
INFO[0068] Pulling docker/ucp-auth:3.1.8
INFO[0072] Pulling docker/ucp-azure-ip-allocator:3.1.8
INFO[0075] Pulling docker/ucp-interlock-extension:3.1.8
INFO[0079] Pulling docker/ucp-interlock-proxy:3.1.8
INFO[0083] Pulling docker/ucp-calico-kube-controllers:3.1.8
INFO[0091] Pulling docker/ucp-calico-node:3.1.8
INFO[0097] Pulling docker/ucp-dsinfo:3.1.8
INFO[0113] Pulling docker/ucp-swarm:3.1.8
INFO[0116] Pulling docker/ucp-auth-store:3.1.8
INFO[0121] Pulling docker/ucp-kube-dns-sidecar:3.1.8
INFO[0125] Pulling docker/ucp-interlock:3.1.8
INFO[0128] Pulling docker/ucp-calico-cni:3.1.8
INFO[0133] Pulling docker/ucp-kube-dns-dnsmasq-nanny:3.1.8
INFO[0138] Pulling docker/ucp-pause:3.1.8
INFO[0141] Pulling docker/ucp-kube-compose-api:3.1.8
INFO[0146] Pulling docker/ucp-cfssl:3.1.8
INFO[0149] Pulling docker/ucp-controller:3.1.8
INFO[0157] Pulling docker/ucp-compose:3.1.8
We detected the following hostnames/IP addresses for this system [ip-10-0-0-51.ap-northeast-1.compute.internal 127.0.0.1 172.17.0.1 10.0.0.51]
You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
INFO[0000] Initializing a new swarm at 10.0.0.51
INFO[0007] Installing UCP with host address 10.0.0.51 - If this is incorrect, please specify an alternative address with the '--host-address' flag
INFO[0007] Deploying UCP Service...
INFO[0077] Installation completed on ip-10-0-0-51.ap-northeast-1.compute.internal (node gfr42419cmfwz2xt57wgf8wmh)
INFO[0077] UCP Instance ID: izfuh7vqgm5z9v76473dckqvi
INFO[0077] UCP Server SSL: SHA-256 Fingerprint=54:84:37:11:3A:64:A4:33:73:03:21:E7:C4:BE:9E:97:8B:3B:09:C1:FC:99:5C:06:08:BC:E7:0B:4E:FD:B1:FC
INFO[0077] Login to UCP at https://10.0.0.51:443
INFO[0077] Username:
INFO[0077] Password: (your admin password)
#
```
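The container is up, so log in.
- https://<your IP address>:443
On EC2, log in via the Elastic IP rather than the local IP.
A certificate error appears because the browser does not trust the certificate UCP generated for itself; skip past it. The certificate the browser shows can be compared against the `UCP Server SSL: SHA-256 Fingerprint` value printed in the install log above.
After login, a screen for entering the license key appears.
Upload the license key downloaded in step 2 (Install Docker Engine EE).
That completes the UCP installation.

# 4. Install DTR
The next steps are done in UCP.
- Select Admin Setting
- Select Docker Trusted Registry
Select the UCP NODE from the pull-down.
Uncheck Disable TLS verification for UCP.
Run the command that is then displayed on the RHEL host; unfortunately, it should fail with an error.
DTR uses port 443 by default.
UCP is already using 443, so the two conflict.
Work around this by moving UCP to a different port.
- Select Cluster Configuration
Change Controller Port from 443 to 8443.
After the change, confirm that UCP is reachable on 8443.
- https://<your IP address>:8443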
```console
# docker run -it --rm docker/dtr install --ucp-node ip-10-0-0-51.ap-northeast-1.compute.internal --ucp-username <username> --ucp-url https://10.0.0.51:8443 --ucp-insecure-tls
INFO[0000] Beginning Docker Trusted Registry installation
ucp-password:<password>
INFO[0003] Validating UCP cert
INFO[0003] Connecting to UCP
INFO[0003] health checking ucp
INFO[0003] Only one available UCP node detected. Picking UCP node 'ip-10-0-0-51.ap-northeast-1.compute.internal'
INFO[0003] Searching containers in UCP for DTR replicas
INFO[0003] Searching containers in UCP for DTR replicas
INFO[0004] verifying [80 443] ports on ip-10-0-0-51.ap-northeast-1.compute.internal
INFO[0009] Waiting for running dtr-phase2 container to finish
INFO[0009] starting phase 2
INFO[0000] Validating UCP cert
INFO[0000] Connecting to UCP
INFO[0000] health checking ucp
INFO[0000] Verifying your system is compatible with DTR
INFO[0000] Checking if the node is okay to install on
WARN[0000] Node: ip-10-0-0-51.ap-northeast-1.compute.internal is a manager, it is **not** recommended for DTR to reside on a UCP manager node, see: https://docs.docker.com/ee/dtr/admin/install/system-requirements/ for more info.
WARN[0000] Installation will continue in 10 seconds...
INFO[0010] Using default overlay subnet: 10.1.0.0/24
INFO[0010] Creating network: dtr-ol
INFO[0010] Connecting to network: dtr-ol
INFO[0010] Waiting for phase2 container to be known to the Docker daemon
INFO[0011] Setting up replica volumes...
INFO[0011] Creating initial CA certificates
INFO[0011] Bootstrapping rethink...
INFO[0011] Creating dtr-rethinkdb-4bd224354f6a...
INFO[0020] Establishing connection with Rethinkdb
INFO[0021] Waiting for database dtr2 to exist
INFO[0021] Establishing connection with Rethinkdb
INFO[0021] Generated TLS certificate. dnsNames="[*.com *.*.com example.com *.dtr *.*.dtr]" domains="[*.com *.*.com 172.17.0.1 example.com *.dtr *.*.dtr]" ipAddresses="[172.17.0.1]"
INFO[0022] License config copied from UCP.
INFO[0022] Migrating db...
INFO[0000] Establishing connection with Rethinkdb
INFO[0000] Migrating database schema fromVersion=0 toVersion=10
INFO[0001] Waiting for database notaryserver to exist
INFO[0001] Waiting for database notarysigner to exist
INFO[0002] Waiting for database jobrunner to exist
INFO[0002] Migrated database from version 0 to 10
INFO[0025] Starting all containers...
INFO[0025] Getting container configuration and starting containers...
INFO[0025] Automatically configuring rethinkdb cache size to 14245 mb
INFO[0025] Recreating dtr-rethinkdb-4bd224354f6a...
INFO[0030] Creating dtr-registry-4bd224354f6a...
INFO[0038] Creating dtr-garant-4bd224354f6a...
INFO[0045] Creating dtr-api-4bd224354f6a...
INFO[0053] Creating dtr-notary-server-4bd224354f6a...
INFO[0060] Recreating dtr-nginx-4bd224354f6a...
INFO[0068] Creating dtr-jobrunner-4bd224354f6a...
INFO[0100] Creating dtr-notary-signer-4bd224354f6a...
INFO[0107] Creating dtr-scanningstore-4bd224354f6a...
INFO[0115] Trying to get the kv store connection back after reconfigure
INFO[0115] Establishing connection with Rethinkdb
INFO[0115] Verifying auth settings...
INFO[0115] Successfully registered dtr with UCP
INFO[0115] Installation is complete
INFO[0115] Replica ID is set to: 4bd224354f6a
INFO[0115] You can use flag '--existing-replica-id 4bd224354f6a' when joining other replicas to your Docker Trusted Registry Cluster
#
```
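Now access DTR.
- https://<your IP address>:443
DTR has been built successfully.
Communication between the registry and its clients uses TLS, so the CA certificate is required.
Download it and put it in place with the commands below.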
```console
# curl -k https://<IP address>/ca -o /etc/pki/ca-trust/source/anchors/hoge.crt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 774 100 774 0 0 23399 0 --:--:-- --:--:-- --:--:-- 24187
#
# update-ca-trust
#
# systemctl restart docker
#
```
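
The `curl -k` download above is not authenticated, so whatever certificate comes back is written straight into the system trust anchors. As an added example (not part of the original article), the script below installs a downloaded CA only when its SHA-256 fingerprint matches a value read out-of-band, for instance in an SSH session on the DTR host; the function names, the source of the pinned value and the constructed sample PEM are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pin-check a CA certificate fetched with `curl -k` before
# trusting it system-wide. Uses only awk, base64, sha256sum, tr, sed and cp.

# Strip separators and case so "AA:BB", "aa bb" and "aabb" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of the first certificate in a PEM file as
# colon-separated upper-case hex: the hash of the DER bytes, the same value
# that `openssl x509 -noout -fingerprint -sha256` reports.
pem_sha256_fingerprint() {
    local pem="$1" body der hex
    [ -r "$pem" ] || return 1
    body=$(awk '/^-----BEGIN CERTIFICATE-----/ { on = 1; next }
                /^-----END CERTIFICATE-----/   { exit }
                on' "$pem" | tr -d ' \t\r\n')
    [ -n "$body" ] || return 1               # no certificate block in the file
    der=$(mktemp) || return 1
    if ! printf '%s' "$body" | base64 -d > "$der" 2>/dev/null; then
        rm -f "$der"
        return 1                             # body is not valid base64
    fi
    hex=$(sha256sum < "$der" | cut -d' ' -f1)
    rm -f "$der"
    [ -n "$hex" ] || return 1
    printf '%s\n' "$hex" | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Copy the certificate to the trust-anchor path only when its fingerprint
# matches the pinned value; on any failure the destination is left untouched.
# Returns 0 on install, 1 on mismatch, 2 when the file is not a PEM certificate.
install_ca_if_pinned() {
    local pem="$1" pinned="$2" dest="$3" actual
    actual=$(pem_sha256_fingerprint "$pem") || {
        echo "refusing: $pem is not a readable PEM certificate" >&2
        return 2
    }
    if [ "$(normalize_fp "$actual")" != "$(normalize_fp "$pinned")" ]; then
        echo "refusing: fingerprint mismatch" >&2
        echo "  pinned:   $pinned" >&2
        echo "  received: $actual" >&2
        return 1
    fi
    cp "$pem" "$dest" && chmod 0644 "$dest"
}

# Intended use on a client, as root (values in <> are placeholders):
#   tmp=$(mktemp)
#   curl -sk "https://<IP address>/ca" -o "$tmp"
#   install_ca_if_pinned "$tmp" "<fingerprint read on the DTR host>" \
#       /etc/pki/ca-trust/source/anchors/hoge.crt \
#     && update-ca-trust && systemctl restart docker

# Constructed sample: a PEM wrapper around the three bytes "abc". It is not a
# real certificate; it only gives the functions a known input for an offline run.
write_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' \
        '-----END CERTIFICATE-----' > "$1"
}

demo() {
    local dir pin
    dir=$(mktemp -d) || return 1
    write_sample_pem "$dir/ca.pem"
    pin=$(pem_sha256_fingerprint "$dir/ca.pem")
    echo "fingerprint: $pin"
    install_ca_if_pinned "$dir/ca.pem" "$pin" "$dir/anchor.crt" \
        && echo "matching pin: installed"
    install_ca_if_pinned "$dir/ca.pem" "00:11:22" "$dir/other.crt" \
        || echo "wrong pin: rejected, nothing written"
    rm -rf "$dir"
}
demo
```
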
The private Docker registry is now built.
From here, enjoy a wonderful Docker life with docker push/pull.
I plan to write a separate article on configuring the Docker registry.

# Reference URLs
https://docs.docker.com/install/linux/docker-ee/rhel/#find-your-docker-ee-repo-url
https://docs.docker.com/ee/ucp/admin/install/
https://docs.docker.com/ee/dtr/admin/install/

# Personal notes below
Notes
- Docker images must be named as follows.
[hostname]:[port number]/[repository name/repository name]:[image name]
```console
# docker login 172.17.0.1:443
# docker tag registry.access.redhat.com/rhel7 [hostname]:[port number]/[repository name/repository name]:[image name]
# docker push [hostname]:[port number]/[repository name/repository name]:[image name]
```