
RHEL7: Building a Docker Registry with Enterprise Edition (Build Part)

Posted at 2019-07-06

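What we will do

Build a Docker registry on EC2.
Use Docker Enterprise Edition 2.1.
Use DTR as the Docker registry software.
Build the server on AWS.

Terminology

- Docker registry: the place where Docker images are stored
- DockerHub: the official Docker registry (https://hub.docker.com/)
- DTR (Docker Trusted Registry): the private Docker registry built in this article
- UCP (Universal Control Plane): the component that includes the UI and other tools used to operate DTR

Overview diagram
[Figure: image.png]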

Version matrix

| OS Distribution (x86_64) | Enterprise Engine | UCP | DTR | Storage Driver | Orchestration | DTR Storage Backend |
| --- | --- | --- | --- | --- | --- | --- |
| RHEL 7.4 | 18.09.x | 3.1.x | 2.6.x | overlay2, devicemapper | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
| RHEL 7.5 | 18.09.x | 3.1.x | 2.6.x | overlay2 | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
| RHEL 7.6 | 18.09.x | 3.1.x starting with 3.1.3 | 2.6.x starting with 2.6.2 | overlay2 | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |

Build procedure

1. Build the EC2 instance
2. Install Docker Engine EE
3. Install UCP
4. Install DTR

1. Build the EC2 instance

AMI: RHEL-7.5_HVM_GA-20180322-x86_64-1-Hourly2-GP2 (ami-6b0d5f0d)
Instance type: t2.2xlarge

* DTR requirements (minimum/recommended)
Memory: 16GB/16GB
CPU: 2CPU/4CPU
Disk: 10GB/25-100GB
Reference URL: https://docs.docker.com/ee/dtr/admin/install/system-requirements/

2. Install Docker Engine EE

Docker EE can be obtained from DockerHub.
EE can be used as a trial version for one month only, so download that.

https://hub.docker.com/search/?q=&type=edition&offering=enterprise
* An account is required.

- After opening the URL above:
Select Docker Enterprise (Red Hat Enterprise Linux).
Select Start 1 Month Trial.
Select License Key and download it.
The URL shown under "Copy and paste this URL to download your Edition" is the Docker EE repository, so copy it.

[Figure: image.png]

Now that the license has been downloaded, proceed with the installation.

$ sudo -s
# export DOCKERURL="<repository URL>"
# sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'
# sh -c 'echo "7.5" > /etc/yum/vars/dockerosversion'
# yum install -y yum-utils device-mapper-persistent-data lvm2
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
rhui-REGION-client-config-server-7                                                   | 2.9 kB  00:00:00
rhui-REGION-rhel-server-releases                                                     | 3.5 kB  00:00:00
rhui-REGION-rhel-server-rh-common                                                    | 3.8 kB  00:00:00
(1/7): rhui-REGION-client-config-server-7/x86_64/primary_db                          | 3.3 kB  00:00:00
(2/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/group                        |  124 B  00:00:00
(3/7): rhui-REGION-rhel-server-releases/7Server/x86_64/group                         | 774 kB  00:00:00
(4/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/primary_db                   | 117 kB  00:00:00
(5/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/updateinfo                   |  33 kB  00:00:00
(6/7): rhui-REGION-rhel-server-releases/7Server/x86_64/updateinfo                    | 3.2 MB  00:00:00
(7/7): rhui-REGION-rhel-server-releases/7Server/x86_64/primary_db                    |  57 MB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package device-mapper-persistent-data.x86_64 0:0.7.3-3.el7 will be installed
--> Processing Dependency: libaio.so.1(LIBAIO_0.1)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1(LIBAIO_0.4)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1()(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
---> Package lvm2.x86_64 7:2.02.180-10.el7_6.8 will be installed
--> Processing Dependency: lvm2-libs = 7:2.02.180-10.el7_6.8 for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02(Base)(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: liblvm2app.so.2.2(Base)(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02()(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: liblvm2app.so.2.2()(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
---> Package yum-utils.noarch 0:1.1.31-45.el7 will be updated
---> Package yum-utils.noarch 0:1.1.31-50.el7 will be an update
--> Running transaction check
---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8 will be installed
---> Package libaio.x86_64 0:0.3.109-13.el7 will be installed
---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.8 will be installed
--> Processing Dependency: device-mapper-event = 7:1.02.149-10.el7_6.8 for package: 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64
--> Running transaction check
---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.8 will be installed
--> Processing Dependency: device-mapper = 7:1.02.149-10.el7_6.8 for package: 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.146-4.el7 will be updated
--> Processing Dependency: device-mapper = 7:1.02.146-4.el7 for package: 7:device-mapper-libs-1.02.146-4.el7.x86_64
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.8 will be an update
--> Running transaction check
---> Package device-mapper-libs.x86_64 7:1.02.146-4.el7 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================
 Package                         Arch     Version                  Repository                          Size
============================================================================================================
Installing:
 device-mapper-persistent-data   x86_64   0.7.3-3.el7              rhui-REGION-rhel-server-releases   405 k
 lvm2                            x86_64   7:2.02.180-10.el7_6.8    rhui-REGION-rhel-server-releases   1.3 M
Updating:
 yum-utils                       noarch   1.1.31-50.el7            rhui-REGION-rhel-server-releases   121 k
Installing for dependencies:
 device-mapper-event             x86_64   7:1.02.149-10.el7_6.8    rhui-REGION-rhel-server-releases   189 k
 device-mapper-event-libs        x86_64   7:1.02.149-10.el7_6.8    rhui-REGION-rhel-server-releases   188 k
 libaio                          x86_64   0.3.109-13.el7           rhui-REGION-rhel-server-releases    24 k
 lvm2-libs                       x86_64   7:2.02.180-10.el7_6.8    rhui-REGION-rhel-server-releases   1.1 M
Updating for dependencies:
 device-mapper                   x86_64   7:1.02.149-10.el7_6.8    rhui-REGION-rhel-server-releases   293 k
 device-mapper-libs              x86_64   7:1.02.149-10.el7_6.8    rhui-REGION-rhel-server-releases   321 k

Transaction Summary
============================================================================================================
Install  2 Packages (+4 Dependent packages)
Upgrade  1 Package  (+2 Dependent packages)

Total download size: 3.9 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/9): device-mapper-1.02.149-10.el7_6.8.x86_64.rpm                                  | 293 kB  00:00:00
(2/9): device-mapper-event-1.02.149-10.el7_6.8.x86_64.rpm                            | 189 kB  00:00:00
(3/9): device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64.rpm                       | 188 kB  00:00:00
(4/9): device-mapper-libs-1.02.149-10.el7_6.8.x86_64.rpm                             | 321 kB  00:00:00
(5/9): device-mapper-persistent-data-0.7.3-3.el7.x86_64.rpm                          | 405 kB  00:00:00
(6/9): libaio-0.3.109-13.el7.x86_64.rpm                                              |  24 kB  00:00:00
(7/9): lvm2-libs-2.02.180-10.el7_6.8.x86_64.rpm                                      | 1.1 MB  00:00:00
(8/9): lvm2-2.02.180-10.el7_6.8.x86_64.rpm                                           | 1.3 MB  00:00:00
(9/9): yum-utils-1.1.31-50.el7.noarch.rpm                                            | 121 kB  00:00:00
------------------------------------------------------------------------------------------------------------
Total                                                                       7.1 MB/s | 3.9 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 7:device-mapper-1.02.149-10.el7_6.8.x86_64                                              1/12
  Updating   : 7:device-mapper-libs-1.02.149-10.el7_6.8.x86_64                                         2/12
  Installing : 7:device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64                                   3/12
  Installing : libaio-0.3.109-13.el7.x86_64                                                            4/12
  Installing : device-mapper-persistent-data-0.7.3-3.el7.x86_64                                        5/12
  Installing : 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64                                        6/12
  Installing : 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64                                                  7/12
  Installing : 7:lvm2-2.02.180-10.el7_6.8.x86_64                                                       8/12
  Updating   : yum-utils-1.1.31-50.el7.noarch                                                          9/12
  Cleanup    : yum-utils-1.1.31-45.el7.noarch                                                         10/12
  Cleanup    : 7:device-mapper-1.02.146-4.el7.x86_64                                                  11/12
  Cleanup    : 7:device-mapper-libs-1.02.146-4.el7.x86_64                                             12/12
  Verifying  : device-mapper-persistent-data-0.7.3-3.el7.x86_64                                        1/12
  Verifying  : 7:device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64                                   2/12
  Verifying  : 7:device-mapper-libs-1.02.149-10.el7_6.8.x86_64                                         3/12
  Verifying  : yum-utils-1.1.31-50.el7.noarch                                                          4/12
  Verifying  : 7:lvm2-2.02.180-10.el7_6.8.x86_64                                                       5/12
  Verifying  : 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64                                                  6/12
  Verifying  : libaio-0.3.109-13.el7.x86_64                                                            7/12
  Verifying  : 7:device-mapper-1.02.149-10.el7_6.8.x86_64                                              8/12
  Verifying  : 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64                                        9/12
  Verifying  : 7:device-mapper-1.02.146-4.el7.x86_64                                                  10/12
  Verifying  : yum-utils-1.1.31-45.el7.noarch                                                         11/12
  Verifying  : 7:device-mapper-libs-1.02.146-4.el7.x86_64                                             12/12

Installed:
  device-mapper-persistent-data.x86_64 0:0.7.3-3.el7            lvm2.x86_64 7:2.02.180-10.el7_6.8

Dependency Installed:
  device-mapper-event.x86_64 7:1.02.149-10.el7_6.8   device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8
  libaio.x86_64 0:0.3.109-13.el7                     lvm2-libs.x86_64 7:2.02.180-10.el7_6.8

Updated:
  yum-utils.noarch 0:1.1.31-50.el7

Dependency Updated:
  device-mapper.x86_64 7:1.02.149-10.el7_6.8         device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8

Complete!
#

The standard repositories alone are not enough to install Docker Engine,
so enable the extras repository.

# yum-config-manager --enable rhel-7-server-extras-rpms
Loaded plugins: amazon-id, rhui-lb
#

The following step is specific to AWS.
Enable the extras repository.
The procedure differs depending on the cloud vendor.

# yum-config-manager --enable rhui-REGION-rhel-server-extras
Loaded plugins: amazon-id, rhui-lb
=================================== repo: rhui-REGION-rhel-server-extras =================================
[rhui-REGION-rhel-server-extras]
async = True
bandwidth = 0
base_persistdir = /var/lib/yum/repos/x86_64/7Server
baseurl =
cache = 0
cachedir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras
check_config_file_age = True
compare_providers_priority = 80
cost = 1000
deltarpm_metadata_percentage = 100
deltarpm_percentage =
enabled = 1
enablegroups = True
exclude =
failovermethod = priority
ftp_disable_epsv = False
gpgcadir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras/gpgcadir
gpgcakey =
gpgcheck = True
gpgdir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras/gpgdir
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
hdrdir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras/headers
http_caching = all
includepkgs =
ip_resolve =
keepalive = True
keepcache = False
mddownloadpolicy = sqlite
mdpolicy = group:small
mediaid =
metadata_expire = 21600
metadata_expire_filter = read-only:present
metalink =
minrate = 0
mirrorlist = https://rhui2-cds01.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/7/7Ser  r/x86_64/extras/os
mirrorlist_expire = 86400
name = Red Hat Enterprise Linux Server 7 Extra(RPMs)
old_base_cache_dir =
password =
persistdir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras
pkgdir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras/packages
proxy = False
proxy_dict =
proxy_password =
proxy_username =
repo_gpgcheck = False
retries = 10
skip_if_unavailable = False
ssl_check_cert_permissions = True
sslcacert = /etc/pki/rhui/cdn.redhat.com-chain.crt
sslclientcert = /etc/pki/rhui/product/content-rhel7.crt
sslclientkey = /etc/pki/rhui/content-rhel7.key
sslverify = True
throttle = 0
timeout = 30.0
ui_id = rhui-REGION-rhel-server-extras/7Server/x86_64
ui_repoid_vars = releasever,
   basearch
username =

Enable the repository for Docker Engine.

# yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"
Loaded plugins: amazon-id, rhui-lb
adding repo from: https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/docker-ee.repo
grabbing file https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/docker-ee.repo to /etc/yum.repos.d/docker-ee.repo
repo saved to /etc/yum.repos.d/docker-ee.repo
#

Now that the repositories are ready, run the installation.

# yum -y install docker-ee docker-ee-cli containerd.io
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
docker-ee-stable-18.09                                                               | 3.5 kB  00:00:00
rhui-REGION-rhel-server-extras                                                       | 3.4 kB  00:00:00
rhui-REGION-rhel-server-releases                                                     | 3.5 kB  00:00:00
rhui-REGION-rhel-server-rh-common                                                    | 3.8 kB  00:00:00
(1/5): rhui-REGION-rhel-server-extras/7Server/x86_64/group                           |  124 B  00:00:00
(2/5): rhui-REGION-rhel-server-extras/7Server/x86_64/updateinfo                      | 200 kB  00:00:00
(3/5): rhui-REGION-rhel-server-extras/7Server/x86_64/primary_db                      | 536 kB  00:00:00
(4/5): docker-ee-stable-18.09/x86_64/updateinfo                                      |   55 B  00:00:01
(5/5): docker-ee-stable-18.09/x86_64/primary_db                                      |  14 kB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package containerd.io.x86_64 0:1.2.6-3.3.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.2.6-3.3.el7.x86_64
---> Package docker-ee.x86_64 3:18.09.7-3.el7 will be installed
---> Package docker-ee-cli.x86_64 1:18.09.7-3.el7 will be installed
--> Running transaction check
---> Package container-selinux.noarch 2:2.99-1.el7_6 will be installed
--> Processing Dependency: selinux-policy >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Processing Dependency: selinux-policy-base >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Processing Dependency: selinux-policy-targeted >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-192.el7 will be updated
---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.12 will be an update
--> Processing Dependency: libsemanage >= 2.5-13 for package: selinux-policy-3.13.1-229.el7_6.12.noarch
--> Processing Dependency: policycoreutils >= 2.5-24 for package: selinux-policy-3.13.1-229.el7_6.12.noarch
---> Package selinux-policy-targeted.noarch 0:3.13.1-192.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.12 will be an update
--> Running transaction check
---> Package libsemanage.x86_64 0:2.5-11.el7 will be updated
--> Processing Dependency: libsemanage = 2.5-11.el7 for package: libsemanage-python-2.5-11.el7.x86_64
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
--> Processing Dependency: libselinux >= 2.5-14 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol >= 2.5-10 for package: libsemanage-2.5-14.el7.x86_64
---> Package policycoreutils.x86_64 0:2.5-22.el7 will be updated
--> Processing Dependency: policycoreutils = 2.5-22.el7 for package: policycoreutils-python-2.5-22.el7.x86_64
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package libselinux.x86_64 0:2.5-12.el7 will be updated
--> Processing Dependency: libselinux(x86-64) = 2.5-12.el7 for package: libselinux-python-2.5-12.el7.x86_64
---> Package libselinux.x86_64 0:2.5-14.1.el7 will be an update
---> Package libselinux-utils.x86_64 0:2.5-12.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-14.1.el7 will be an update
---> Package libsemanage-python.x86_64 0:2.5-11.el7 will be updated
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be an update
---> Package libsepol.x86_64 0:2.5-8.1.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
---> Package policycoreutils-python.x86_64 0:2.5-22.el7 will be updated
---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package libselinux-python.x86_64 0:2.5-12.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-14.1.el7 will be an update
---> Package setools-libs.x86_64 0:3.3.8-2.el7 will be updated
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================
 Package                     Arch       Version                  Repository                            Size
============================================================================================================
Installing:
 containerd.io               x86_64     1.2.6-3.3.el7            docker-ee-stable-18.09                26 M
 docker-ee                   x86_64     3:18.09.7-3.el7          docker-ee-stable-18.09                21 M
 docker-ee-cli               x86_64     1:18.09.7-3.el7          docker-ee-stable-18.09                15 M
Installing for dependencies:
 container-selinux           noarch     2:2.99-1.el7_6           rhui-REGION-rhel-server-extras        39 k
Updating for dependencies:
 libselinux                  x86_64     2.5-14.1.el7             rhui-REGION-rhel-server-releases     162 k
 libselinux-python           x86_64     2.5-14.1.el7             rhui-REGION-rhel-server-releases     236 k
 libselinux-utils            x86_64     2.5-14.1.el7             rhui-REGION-rhel-server-releases     152 k
 libsemanage                 x86_64     2.5-14.el7               rhui-REGION-rhel-server-releases     151 k
 libsemanage-python          x86_64     2.5-14.el7               rhui-REGION-rhel-server-releases     113 k
 libsepol                    x86_64     2.5-10.el7               rhui-REGION-rhel-server-releases     297 k
 policycoreutils             x86_64     2.5-29.el7_6.1           rhui-REGION-rhel-server-releases     916 k
 policycoreutils-python      x86_64     2.5-29.el7_6.1           rhui-REGION-rhel-server-releases     456 k
 selinux-policy              noarch     3.13.1-229.el7_6.12      rhui-REGION-rhel-server-releases     484 k
 selinux-policy-targeted     noarch     3.13.1-229.el7_6.12      rhui-REGION-rhel-server-releases     6.9 M
 setools-libs                x86_64     3.3.8-4.el7              rhui-REGION-rhel-server-releases     620 k

Transaction Summary
============================================================================================================
Install  3 Packages (+ 1 Dependent package)
Upgrade             ( 11 Dependent packages)

Total download size: 72 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/15): container-selinux-2.99-1.el7_6.noarch.rpm                                    |  39 kB  00:00:00
warning: /var/cache/yum/x86_64/7Server/docker-ee-stable-18.09/packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 76682bc9: NOKEY
Public key for containerd.io-1.2.6-3.3.el7.x86_64.rpm is not installed
(2/15): containerd.io-1.2.6-3.3.el7.x86_64.rpm                                       |  26 MB  00:00:03
(3/15): docker-ee-18.09.7-3.el7.x86_64.rpm                                           |  21 MB  00:00:03
(4/15): libselinux-2.5-14.1.el7.x86_64.rpm                                           | 162 kB  00:00:00
(5/15): libselinux-utils-2.5-14.1.el7.x86_64.rpm                                     | 152 kB  00:00:00
(6/15): libselinux-python-2.5-14.1.el7.x86_64.rpm                                    | 236 kB  00:00:00
(7/15): libsemanage-2.5-14.el7.x86_64.rpm                                            | 151 kB  00:00:00
(8/15): libsemanage-python-2.5-14.el7.x86_64.rpm                                     | 113 kB  00:00:00
(9/15): libsepol-2.5-10.el7.x86_64.rpm                                               | 297 kB  00:00:00
(10/15): policycoreutils-2.5-29.el7_6.1.x86_64.rpm                                   | 916 kB  00:00:00
(11/15): policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm                            | 456 kB  00:00:00
(12/15): selinux-policy-3.13.1-229.el7_6.12.noarch.rpm                               | 484 kB  00:00:00
(13/15): setools-libs-3.3.8-4.el7.x86_64.rpm                                         | 620 kB  00:00:00
(14/15): selinux-policy-targeted-3.13.1-229.el7_6.12.noarch.rpm                      | 6.9 MB  00:00:00
(15/15): docker-ee-cli-18.09.7-3.el7.x86_64.rpm                                      |  15 MB  00:00:02
------------------------------------------------------------------------------------------------------------
Total                                                                        11 MB/s |  72 MB  00:00:06
Retrieving key from https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/gpg
Importing GPG key 0x76682BC9:
 Userid     : "Docker Release (EE rpm) <docker@docker.com>"
 Fingerprint: 77fe da13 1a83 1d29 a418 d3e8 99e5 ff2e 7668 2bc9
 From       : https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libsepol-2.5-10.el7.x86_64                                                              1/26
  Updating   : libselinux-2.5-14.1.el7.x86_64                                                          2/26
  Updating   : libsemanage-2.5-14.el7.x86_64                                                           3/26
  Updating   : libselinux-utils-2.5-14.1.el7.x86_64                                                    4/26
  Updating   : policycoreutils-2.5-29.el7_6.1.x86_64                                                   5/26
  Updating   : selinux-policy-3.13.1-229.el7_6.12.noarch                                               6/26
  Updating   : selinux-policy-targeted-3.13.1-229.el7_6.12.noarch                                      7/26
  Updating   : libsemanage-python-2.5-14.el7.x86_64                                                    8/26
  Updating   : setools-libs-3.3.8-4.el7.x86_64                                                         9/26
  Updating   : libselinux-python-2.5-14.1.el7.x86_64                                                  10/26
  Updating   : policycoreutils-python-2.5-29.el7_6.1.x86_64                                           11/26
  Installing : 2:container-selinux-2.99-1.el7_6.noarch                                                12/26
  Installing : containerd.io-1.2.6-3.3.el7.x86_64                                                     13/26
  Installing : 1:docker-ee-cli-18.09.7-3.el7.x86_64                                                   14/26
  Installing : 3:docker-ee-18.09.7-3.el7.x86_64                                                       15/26
  Cleanup    : selinux-policy-targeted-3.13.1-192.el7.noarch                                          16/26
  Cleanup    : policycoreutils-python-2.5-22.el7.x86_64                                               17/26
  Cleanup    : selinux-policy-3.13.1-192.el7.noarch                                                   18/26
  Cleanup    : policycoreutils-2.5-22.el7.x86_64                                                      19/26
  Cleanup    : libselinux-utils-2.5-12.el7.x86_64                                                     20/26
  Cleanup    : setools-libs-3.3.8-2.el7.x86_64                                                        21/26
  Cleanup    : libselinux-python-2.5-12.el7.x86_64                                                    22/26
  Cleanup    : libsemanage-python-2.5-11.el7.x86_64                                                   23/26
  Cleanup    : libsemanage-2.5-11.el7.x86_64                                                          24/26
  Cleanup    : libselinux-2.5-12.el7.x86_64                                                           25/26
  Cleanup    : libsepol-2.5-8.1.el7.x86_64                                                            26/26
  Verifying  : policycoreutils-2.5-29.el7_6.1.x86_64                                                   1/26
  Verifying  : 1:docker-ee-cli-18.09.7-3.el7.x86_64                                                    2/26
  Verifying  : setools-libs-3.3.8-4.el7.x86_64                                                         3/26
  Verifying  : selinux-policy-targeted-3.13.1-229.el7_6.12.noarch                                      4/26
  Verifying  : selinux-policy-3.13.1-229.el7_6.12.noarch                                               5/26
  Verifying  : policycoreutils-python-2.5-29.el7_6.1.x86_64                                            6/26
  Verifying  : libsemanage-python-2.5-14.el7.x86_64                                                    7/26
  Verifying  : libsemanage-2.5-14.el7.x86_64                                                           8/26
  Verifying  : libsepol-2.5-10.el7.x86_64                                                              9/26
  Verifying  : containerd.io-1.2.6-3.3.el7.x86_64                                                     10/26
  Verifying  : libselinux-python-2.5-14.1.el7.x86_64                                                  11/26
  Verifying  : libselinux-utils-2.5-14.1.el7.x86_64                                                   12/26
  Verifying  : 2:container-selinux-2.99-1.el7_6.noarch                                                13/26
  Verifying  : libselinux-2.5-14.1.el7.x86_64                                                         14/26
  Verifying  : 3:docker-ee-18.09.7-3.el7.x86_64                                                       15/26
  Verifying  : libsemanage-python-2.5-11.el7.x86_64                                                   16/26
  Verifying  : libsemanage-2.5-11.el7.x86_64                                                          17/26
  Verifying  : libselinux-python-2.5-12.el7.x86_64                                                    18/26
  Verifying  : setools-libs-3.3.8-2.el7.x86_64                                                        19/26
  Verifying  : policycoreutils-2.5-22.el7.x86_64                                                      20/26
  Verifying  : policycoreutils-python-2.5-22.el7.x86_64                                               21/26
  Verifying  : selinux-policy-targeted-3.13.1-192.el7.noarch                                          22/26
  Verifying  : libsepol-2.5-8.1.el7.x86_64                                                            23/26
  Verifying  : selinux-policy-3.13.1-192.el7.noarch                                                   24/26
  Verifying  : libselinux-2.5-12.el7.x86_64                                                           25/26
  Verifying  : libselinux-utils-2.5-12.el7.x86_64                                                     26/26

Installed:
  containerd.io.x86_64 0:1.2.6-3.3.el7                   docker-ee.x86_64 3:18.09.7-3.el7
  docker-ee-cli.x86_64 1:18.09.7-3.el7

Dependency Installed:
  container-selinux.noarch 2:2.99-1.el7_6

Dependency Updated:
  libselinux.x86_64 0:2.5-14.1.el7                 libselinux-python.x86_64 0:2.5-14.1.el7
  libselinux-utils.x86_64 0:2.5-14.1.el7           libsemanage.x86_64 0:2.5-14.el7
  libsemanage-python.x86_64 0:2.5-14.el7           libsepol.x86_64 0:2.5-10.el7
  policycoreutils.x86_64 0:2.5-29.el7_6.1          policycoreutils-python.x86_64 0:2.5-29.el7_6.1
  selinux-policy.noarch 0:3.13.1-229.el7_6.12      selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.12
  setools-libs.x86_64 0:3.3.8-4.el7

Complete!
#
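
In the install log above, yum warns NOKEY for key ID 76682bc9 and then, because of `-y`, imports the key served from the same repository URL without anyone checking it. The shell code below is an added example, not part of the original article or of Docker's tooling: it audits a yum transcript for keys imported on the fly and imports a pre-downloaded key file only when its full fingerprint matches a pinned value. The function names and the sample transcript (constructed from the log lines above) are assumptions, and the pinned fingerprint is the one printed in this page's output.

```shell
#!/bin/sh
# Added example (not from the original article): pin the rpm signing key
# instead of letting `yum -y` trust whatever key the repository URL serves.
# All function names are hypothetical helpers.

# Fingerprint as printed in this page's yum output. Confirm it against the
# vendor's published value before relying on it as a pin.
PINNED_FPR="77fe da13 1a83 1d29 a418 d3e8 99e5 ff2e 7668 2bc9"

# Canonical form: upper-case hex digits, no spaces or colons.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\r\n' | tr 'a-f' 'A-F'
}

# True only if $1 (observed) equals $2 (pinned) and the pin is a full
# 160-bit fingerprint (40 hex digits). Short key IDs such as 76682bc9 are
# rejected because they are not collision resistant.
fpr_matches() (
    obs=$(normalize_fpr "$1")
    pin=$(normalize_fpr "$2")
    case "$pin" in *[!0-9A-F]*) exit 1 ;; esac
    [ "${#pin}" -eq 40 ] && [ "$obs" = "$pin" ]
)

# Read a yum transcript on stdin and print the normalized fingerprint of
# every key yum imported on the fly ("Importing GPG key ..." blocks).
imported_fprs_from_yum_log() {
    awk '
        /^Importing GPG key/ { in_key = 1; next }
        in_key && /^[ \t]*Fingerprint[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")
            gsub(/[ \t\r]/, "")
            print toupper($0)
            in_key = 0
        }
    '
}

# Read a yum transcript on stdin and print one verdict line per imported
# key. Fails if any key differs from the pin; a transcript without any
# key import passes.
audit_yum_log() (
    rc=0
    for fpr in $(imported_fprs_from_yum_log); do
        if fpr_matches "$fpr" "$PINNED_FPR"; then
            echo "OK       $fpr"
        else
            echo "MISMATCH $fpr"
            rc=1
        fi
    done
    exit "$rc"
)

# Read `gpg --with-colons --with-fingerprint <keyfile>` output on stdin and
# print the primary key fingerprint (field 10 of the first fpr record).
fpr_from_gpg_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Import a key file downloaded beforehand (for example from
# "$DOCKERURL/rhel/gpg") only when its fingerprint matches the pin.
# Needs gpg and rpm, so it is defined here but not called by the demo.
import_key_if_pinned() (
    keyfile=$1
    observed=$(gpg --with-colons --with-fingerprint "$keyfile" 2>/dev/null |
        fpr_from_gpg_colons)
    if fpr_matches "$observed" "$PINNED_FPR"; then
        rpm --import "$keyfile"
    else
        echo "refusing to import $keyfile: '$observed' is not pinned" >&2
        exit 1
    fi
)

# Constructed sample: the key-import lines from the log above, with the
# subscription-specific URL replaced by a placeholder.
SAMPLE_LOG='Retrieving key from https://example.invalid/rhel/gpg
Importing GPG key 0x76682BC9:
 Userid     : "Docker Release (EE rpm) <docker@docker.com>"
 Fingerprint: 77fe da13 1a83 1d29 a418 d3e8 99e5 ff2e 7668 2bc9
 From       : https://example.invalid/rhel/gpg'

if printf '%s\n' "$SAMPLE_LOG" | audit_yum_log; then
    echo "all auto-imported keys match the pin"
fi
```

Running `import_key_if_pinned` on the downloaded key before `yum install` means the key is already in the rpm database, so yum has no reason to fetch and trust one during the transaction.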

The installation is now complete.
Start the Docker service.

# systemctl start docker
# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-07-06 04:49:42 UTC; 4s ago
     Docs: https://docs.docker.com
 Main PID: 2341 (dockerd)
    Tasks: 8
   Memory: 31.7M
   CGroup: /system.slice/docker.service
           └─2341 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.52..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.52..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.68..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.76..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.81..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82...7
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.86..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal systemd[1]: Started Docker Application Cont....
Hint: Some lines were ellipsized, use -l to show in full.
#

While we are at it, test launching a container.
Start ubuntu.

# docker run -it ubuntu bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
5b7339215d1d: Pull complete
14ca88e9f672: Pull complete
a31c3b1caad4: Pull complete
b054a26005b7: Pull complete
Digest: sha256:9b1702dcfe32c873a770a32cfd306dd7fc1c4fd134adfb783db68defc8894b3c
Status: Downloaded newer image for ubuntu:latest
root@13841ed1810a:/#
root@13841ed1810a:/# exit
exit
#

That completes the Docker EE installation.

3. UCP installation

First, pull the UCP container image from Docker Hub.

# docker image pull docker/ucp:3.1.8
3.1.8: Pulling from docker/ucp
c87736221ed0: Pull complete
831158f6c3f0: Pull complete
7eaca31ce090: Pull complete
Digest: sha256:048414d9d3fd5cc93b3a762582c2cea73b94ef5449072b16231f13b9e355c1e4
Status: Downloaded newer image for docker/ucp:3.1.8
#

With the image pulled, start the container.

# docker container run --rm -it --name ucp \
>   -v /var/run/docker.sock:/var/run/docker.sock \
>   docker/ucp:3.1.8 install \
>   --host-address <your IP address> \
>   --interactive
INFO[0000] Your engine version 18.09.7, build b81f474 (3.10.0-862.el7.x86_64) is compatible with UCP 3.1.8 (b22346c)
Admin Username: <username>
Admin Password: <password>
Confirm Admin Password: <password>
INFO[0031] Pulling required images... (this may take a while)
INFO[0031] Pulling docker/ucp-etcd:3.1.8
INFO[0036] Pulling docker/ucp-agent:3.1.8
INFO[0040] Pulling docker/ucp-kube-compose:3.1.8
INFO[0044] Pulling docker/ucp-hyperkube:3.1.8
INFO[0059] Pulling docker/ucp-kube-dns:3.1.8
INFO[0063] Pulling docker/ucp-metrics:3.1.8
INFO[0068] Pulling docker/ucp-auth:3.1.8
INFO[0072] Pulling docker/ucp-azure-ip-allocator:3.1.8
INFO[0075] Pulling docker/ucp-interlock-extension:3.1.8
INFO[0079] Pulling docker/ucp-interlock-proxy:3.1.8
INFO[0083] Pulling docker/ucp-calico-kube-controllers:3.1.8
INFO[0091] Pulling docker/ucp-calico-node:3.1.8
INFO[0097] Pulling docker/ucp-dsinfo:3.1.8
INFO[0113] Pulling docker/ucp-swarm:3.1.8
INFO[0116] Pulling docker/ucp-auth-store:3.1.8
INFO[0121] Pulling docker/ucp-kube-dns-sidecar:3.1.8
INFO[0125] Pulling docker/ucp-interlock:3.1.8
INFO[0128] Pulling docker/ucp-calico-cni:3.1.8
INFO[0133] Pulling docker/ucp-kube-dns-dnsmasq-nanny:3.1.8
INFO[0138] Pulling docker/ucp-pause:3.1.8
INFO[0141] Pulling docker/ucp-kube-compose-api:3.1.8
INFO[0146] Pulling docker/ucp-cfssl:3.1.8
INFO[0149] Pulling docker/ucp-controller:3.1.8
INFO[0157] Pulling docker/ucp-compose:3.1.8
We detected the following hostnames/IP addresses for this system [ip-10-0-0-51.ap-northeast-1.compute.internal 127.0.0.1 172.17.0.1 10.0.0.51]

You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
INFO[0000] Initializing a new swarm at 10.0.0.51
INFO[0007] Installing UCP with host address 10.0.0.51 - If this is incorrect, please specify an alternative address with the '--host-address' flag
INFO[0007] Deploying UCP Service...
INFO[0077] Installation completed on ip-10-0-0-51.ap-northeast-1.compute.internal (node gfr42419cmfwz2xt57wgf8wmh)
INFO[0077] UCP Instance ID: izfuh7vqgm5z9v76473dckqvi
INFO[0077] UCP Server SSL: SHA-256 Fingerprint=54:84:37:11:3A:64:A4:33:73:03:21:E7:C4:BE:9E:97:8B:3B:09:C1:FC:99:5C:06:08:BC:E7:0B:4E:FD:B1:FC
INFO[0077] Login to UCP at https://10.0.0.51:443
INFO[0077] Username: 
INFO[0077] Password: (your admin password)
#

Now that the container is up, log in.
・https://<your IP address>:443
On EC2, log in using the Elastic IP rather than the local IP.
A certificate error appears; skip past it.

After login, a screen asks for the license key.
Upload the license key downloaded in step 2 (Docker Engine EE installation).

That completes the UCP installation.

4. DTR installation

The next steps are done in the UCP UI.
・Select Admin Settings

・Select Docker Trusted Registry
Choose the UCP node from the pull-down.
Uncheck Disable TLS verification for UCP.

Run the command that appears on the RHEL host; unfortunately, it should fail.
DTR uses port 443 by default.
UCP is already using 443, so the two conflict.

Work around this by moving UCP to a different port.
・Select Cluster Configuration
Change Controller Port from 443 to 8443.

Once the change is made, confirm that UCP is reachable on 8443.
・https://<your IP address>:8443

# docker run -it --rm docker/dtr install --ucp-node ip-10-0-0-51.ap-northeast-1.compute.internal  --ucp-username <username>  --ucp-url https://10.0.0.51:8443  --ucp-insecure-tls
INFO[0000] Beginning Docker Trusted Registry installation
ucp-password:<password>
INFO[0003] Validating UCP cert
INFO[0003] Connecting to UCP
INFO[0003] health checking ucp
INFO[0003] Only one available UCP node detected. Picking UCP node 'ip-10-0-0-51.ap-northeast-1.compute.internal'
INFO[0003] Searching containers in UCP for DTR replicas
INFO[0003] Searching containers in UCP for DTR replicas
INFO[0004] verifying [80 443] ports on ip-10-0-0-51.ap-northeast-1.compute.internal
INFO[0009] Waiting for running dtr-phase2 container to finish
INFO[0009] starting phase 2
INFO[0000] Validating UCP cert
INFO[0000] Connecting to UCP
INFO[0000] health checking ucp
INFO[0000] Verifying your system is compatible with DTR
INFO[0000] Checking if the node is okay to install on
WARN[0000] Node: ip-10-0-0-51.ap-northeast-1.compute.internal is a manager, it is **not** recommended for DTR to reside on a UCP manager node, see: https://docs.docker.com/ee/dtr/admin/install/system-requirements/ for more info.
WARN[0000] Installation will continue in 10 seconds...
INFO[0010] Using default overlay subnet: 10.1.0.0/24
INFO[0010] Creating network: dtr-ol
INFO[0010] Connecting to network: dtr-ol
INFO[0010] Waiting for phase2 container to be known to the Docker daemon
INFO[0011] Setting up replica volumes...
INFO[0011] Creating initial CA certificates
INFO[0011] Bootstrapping rethink...
INFO[0011] Creating dtr-rethinkdb-4bd224354f6a...
INFO[0020] Establishing connection with Rethinkdb
INFO[0021] Waiting for database dtr2 to exist
INFO[0021] Establishing connection with Rethinkdb
INFO[0021] Generated TLS certificate.                    dnsNames="[*.com *.*.com example.com *.dtr *.*.dtr]" domains="[*.com *.*.com 172.17.0.1 example.com *.dtr *.*.dtr]" ipAddresses="[172.17.0.1]"
INFO[0022] License config copied from UCP.
INFO[0022] Migrating db...
INFO[0000] Establishing connection with Rethinkdb
INFO[0000] Migrating database schema                     fromVersion=0 toVersion=10
INFO[0001] Waiting for database notaryserver to exist
INFO[0001] Waiting for database notarysigner to exist
INFO[0002] Waiting for database jobrunner to exist
INFO[0002] Migrated database from version 0 to 10
INFO[0025] Starting all containers...
INFO[0025] Getting container configuration and starting containers...
INFO[0025] Automatically configuring rethinkdb cache size to 14245 mb
INFO[0025] Recreating dtr-rethinkdb-4bd224354f6a...
INFO[0030] Creating dtr-registry-4bd224354f6a...
INFO[0038] Creating dtr-garant-4bd224354f6a...
INFO[0045] Creating dtr-api-4bd224354f6a...
INFO[0053] Creating dtr-notary-server-4bd224354f6a...
INFO[0060] Recreating dtr-nginx-4bd224354f6a...
INFO[0068] Creating dtr-jobrunner-4bd224354f6a...
INFO[0100] Creating dtr-notary-signer-4bd224354f6a...
INFO[0107] Creating dtr-scanningstore-4bd224354f6a...
INFO[0115] Trying to get the kv store connection back after reconfigure
INFO[0115] Establishing connection with Rethinkdb
INFO[0115] Verifying auth settings...
INFO[0115] Successfully registered dtr with UCP
INFO[0115] Installation is complete
INFO[0115] Replica ID is set to: 4bd224354f6a
INFO[0115] You can use flag '--existing-replica-id 4bd224354f6a' when joining other replicas to your Docker Trusted Registry Cluster
#

Now access DTR.
・https://<your IP address>:443

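The DTR build has finished successfully.
Traffic between the registry and its clients uses TLS, so the CA certificate is required.
Download and install it with the commands below.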

# curl -k https://<IP address>/ca -o /etc/pki/ca-trust/source/anchors/hoge.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   774  100   774    0     0  23399      0 --:--:-- --:--:-- --:--:-- 24187
#
# update-ca-trust
#
# systemctl restart docker
#
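Certificate verification is skipped twice above: at the browser warning on the UCP login page and in the `curl -k` download of the registry CA. The following is an added example, not part of the original article, that checks a fetched certificate against a pinned SHA-256 fingerprint and then trusts it for one registry only through Docker's `/etc/docker/certs.d` directory. The function names, the optional `CERTS_DIR` argument and the `/tmp/dtr-ca.pem` path are assumptions, and the pinned value must come from a trusted channel, such as the `UCP Server SSL: SHA-256 Fingerprint=` line the installer prints for the UCP server certificate, or a fingerprint computed on the registry host itself.

```shell
#!/bin/sh
# Added example (not from the original article): check a certificate's SHA-256
# fingerprint against a pinned value before trusting what `curl -k` returned.

# Print the fingerprint (AA:BB:... form) of the first certificate in a PEM file.
# This is the SHA-256 of the DER bytes, the value
# `openssl x509 -noout -fingerprint -sha256` reports.
cert_fingerprint() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
    sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----' | tr -d ' \r\n' |
    base64 -d | sha256sum | cut -d' ' -f1 | tr 'a-f' 'A-F' |
    sed 's/../&:/g; s/:$//'
}

# Strip a pasted "SHA-256 Fingerprint=" style prefix, colons and case differences.
normalise_fp() { printf '%s' "${1##*=}" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# fingerprint_matches PEM EXPECTED -> exit status 0 only on a full 256-bit match.
fingerprint_matches() {
  want=$(normalise_fp "$2")
  got=$(normalise_fp "$(cert_fingerprint "$1")")
  [ "${#want}" -eq 64 ] && [ "$got" = "$want" ]
}

# install_registry_ca PEM EXPECTED REGISTRY [CERTS_DIR]
# Trust the CA for one registry only (Docker's per-registry certs.d directory)
# instead of adding it to the system-wide anchors. REGISTRY is host[:port].
install_registry_ca() {
  dest="${4:-/etc/docker/certs.d}/$3"
  if ! fingerprint_matches "$1" "$2"; then
    echo "refusing to install CA for $3: $(cert_fingerprint "$1") is not the pinned fingerprint" >&2
    return 1
  fi
  mkdir -p "$dest" && cp "$1" "$dest/ca.crt" && chmod 0644 "$dest/ca.crt"
}

# Typical use (placeholders, run as root):
#   curl -k https://<IP address>/ca -o /tmp/dtr-ca.pem
#   install_registry_ca /tmp/dtr-ca.pem "<pinned fingerprint>" "<registry host[:port]>"
```

For the UCP connection made during the DTR install, the installer also accepts `--ucp-ca` with the PEM of the UCP CA as an alternative to `--ucp-insecure-tls`; the same fingerprint check applies to that PEM before it is passed in.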

This completes the build of the private Docker registry.
From here on, enjoy your Docker life with docker push/pull.

I plan to write a separate article on Docker registry configuration.

Reference URLs

https://docs.docker.com/install/linux/docker-ee/rhel/#find-your-docker-ee-repo-url
https://docs.docker.com/ee/ucp/admin/install/
https://docs.docker.com/ee/dtr/admin/install/

Personal notes below

Notes
・Docker images need to be named as follows.

# docker login 172.17.0.1:443
# docker tag registry.access.redhat.com/rhel7 [hostname]:[port]/[repository name/repository name]:[image name]
# docker push [hostname]:[port]/[repository name/repository name]:[image name]