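What we will do
Build a Docker registry on EC2.
Use Docker Enterprise Edition 2.1.
Use DTR as the Docker registry software.
Build the server on AWS.
Terminology
・Docker registry: the place where Docker images are stored
・DockerHub: the official Docker registry (https://hub.docker.com/)
・DTR (Docker Trusted Registry): the private Docker registry built in this article
・UCP (Universal Control Plane): the component that includes the UI and other tools for operating DTR
Version matrix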
OS Distribution(x86_64) | Enterprise Engine | UCP | DTR | Storage Driver | Orchestration | DTR Storage Backend |
---|---|---|---|---|---|---|
RHEL 7.4 | 18.09.x | 3.1.x | 2.6.x | overlay2, devicemapper | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
RHEL 7.5 | 18.09.x | 3.1.x | 2.6.x | overlay2 | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
RHEL 7.6 | 18.09.x | 3.1.x starting with 3.1.3 | 2.6.x starting with 2.6.2 | overlay2 | Swarm mode, Kubernetes | NFSv4, NFSv3, Amazon S3, S3 Compliant Alternatives, Azure Storage (Blob), Google Cloud Storage, OpenStack Swift, Local Filesystem |
Build procedure
1. Build the EC2 instance
2. Install Docker Engine EE
3. Install UCP
4. Install DTR
1. Build the EC2 instance
AMI: RHEL-7.5_HVM_GA-20180322-x86_64-1-Hourly2-GP2 (ami-6b0d5f0d)
Instance type: t2.2xlarge
Note: DTR requirements (minimum/recommended)
Memory: 16GB/16GB
CPU: 2CPU/4CPU
Disk: 10GB/25-100GB
Reference URL: https://docs.docker.com/ee/dtr/admin/install/system-requirements/
2. Install Docker Engine EE
Docker EE can be obtained from DockerHub.
EE can be used as a trial version for one month only, so download it.
https://hub.docker.com/search/?q=&type=edition&offering=enterprise
Note: an account is required.
・After opening the URL above:
Select Docker Enterprise (Red Hat Enterprise Linux).
Select Start 1 Month Trial.
Select License Key and download it.
The URL shown under "Copy and paste this URL to download your Edition" is the Docker EE repository, so copy it.
Now that the license has been downloaded, proceed with the installation.
$ sudo -s
# export DOCKERURL="<repository URL>"
# sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'
# sh -c 'echo "7.5" > /etc/yum/vars/dockerosversion'
# yum install -y yum-utils device-mapper-persistent-data lvm2
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
rhui-REGION-client-config-server-7 | 2.9 kB 00:00:00
rhui-REGION-rhel-server-releases | 3.5 kB 00:00:00
rhui-REGION-rhel-server-rh-common | 3.8 kB 00:00:00
(1/7): rhui-REGION-client-config-server-7/x86_64/primary_db | 3.3 kB 00:00:00
(2/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/group | 124 B 00:00:00
(3/7): rhui-REGION-rhel-server-releases/7Server/x86_64/group | 774 kB 00:00:00
(4/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/primary_db | 117 kB 00:00:00
(5/7): rhui-REGION-rhel-server-rh-common/7Server/x86_64/updateinfo | 33 kB 00:00:00
(6/7): rhui-REGION-rhel-server-releases/7Server/x86_64/updateinfo | 3.2 MB 00:00:00
(7/7): rhui-REGION-rhel-server-releases/7Server/x86_64/primary_db | 57 MB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package device-mapper-persistent-data.x86_64 0:0.7.3-3.el7 will be installed
--> Processing Dependency: libaio.so.1(LIBAIO_0.1)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1(LIBAIO_0.4)(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
--> Processing Dependency: libaio.so.1()(64bit) for package: device-mapper-persistent-data-0.7.3-3.el7.x86_64
---> Package lvm2.x86_64 7:2.02.180-10.el7_6.8 will be installed
--> Processing Dependency: lvm2-libs = 7:2.02.180-10.el7_6.8 for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02(Base)(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: liblvm2app.so.2.2(Base)(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: libdevmapper-event.so.1.02()(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
--> Processing Dependency: liblvm2app.so.2.2()(64bit) for package: 7:lvm2-2.02.180-10.el7_6.8.x86_64
---> Package yum-utils.noarch 0:1.1.31-45.el7 will be updated
---> Package yum-utils.noarch 0:1.1.31-50.el7 will be an update
--> Running transaction check
---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8 will be installed
---> Package libaio.x86_64 0:0.3.109-13.el7 will be installed
---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.8 will be installed
--> Processing Dependency: device-mapper-event = 7:1.02.149-10.el7_6.8 for package: 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64
--> Running transaction check
---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.8 will be installed
--> Processing Dependency: device-mapper = 7:1.02.149-10.el7_6.8 for package: 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.146-4.el7 will be updated
--> Processing Dependency: device-mapper = 7:1.02.146-4.el7 for package: 7:device-mapper-libs-1.02.146-4.el7.x86_64
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.8 will be an update
--> Running transaction check
---> Package device-mapper-libs.x86_64 7:1.02.146-4.el7 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Installing:
device-mapper-persistent-data x86_64 0.7.3-3.el7 rhui-REGION-rhel-server-releases 405 k
lvm2 x86_64 7:2.02.180-10.el7_6.8 rhui-REGION-rhel-server-releases 1.3 M
Updating:
yum-utils noarch 1.1.31-50.el7 rhui-REGION-rhel-server-releases 121 k
Installing for dependencies:
device-mapper-event x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 189 k
device-mapper-event-libs x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 188 k
libaio x86_64 0.3.109-13.el7 rhui-REGION-rhel-server-releases 24 k
lvm2-libs x86_64 7:2.02.180-10.el7_6.8 rhui-REGION-rhel-server-releases 1.1 M
Updating for dependencies:
device-mapper x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 293 k
device-mapper-libs x86_64 7:1.02.149-10.el7_6.8 rhui-REGION-rhel-server-releases 321 k
Transaction Summary
============================================================================================================
Install 2 Packages (+4 Dependent packages)
Upgrade 1 Package (+2 Dependent packages)
Total download size: 3.9 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/9): device-mapper-1.02.149-10.el7_6.8.x86_64.rpm | 293 kB 00:00:00
(2/9): device-mapper-event-1.02.149-10.el7_6.8.x86_64.rpm | 189 kB 00:00:00
(3/9): device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64.rpm | 188 kB 00:00:00
(4/9): device-mapper-libs-1.02.149-10.el7_6.8.x86_64.rpm | 321 kB 00:00:00
(5/9): device-mapper-persistent-data-0.7.3-3.el7.x86_64.rpm | 405 kB 00:00:00
(6/9): libaio-0.3.109-13.el7.x86_64.rpm | 24 kB 00:00:00
(7/9): lvm2-libs-2.02.180-10.el7_6.8.x86_64.rpm | 1.1 MB 00:00:00
(8/9): lvm2-2.02.180-10.el7_6.8.x86_64.rpm | 1.3 MB 00:00:00
(9/9): yum-utils-1.1.31-50.el7.noarch.rpm | 121 kB 00:00:00
------------------------------------------------------------------------------------------------------------
Total 7.1 MB/s | 3.9 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 7:device-mapper-1.02.149-10.el7_6.8.x86_64 1/12
Updating : 7:device-mapper-libs-1.02.149-10.el7_6.8.x86_64 2/12
Installing : 7:device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64 3/12
Installing : libaio-0.3.109-13.el7.x86_64 4/12
Installing : device-mapper-persistent-data-0.7.3-3.el7.x86_64 5/12
Installing : 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64 6/12
Installing : 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64 7/12
Installing : 7:lvm2-2.02.180-10.el7_6.8.x86_64 8/12
Updating : yum-utils-1.1.31-50.el7.noarch 9/12
Cleanup : yum-utils-1.1.31-45.el7.noarch 10/12
Cleanup : 7:device-mapper-1.02.146-4.el7.x86_64 11/12
Cleanup : 7:device-mapper-libs-1.02.146-4.el7.x86_64 12/12
Verifying : device-mapper-persistent-data-0.7.3-3.el7.x86_64 1/12
Verifying : 7:device-mapper-event-libs-1.02.149-10.el7_6.8.x86_64 2/12
Verifying : 7:device-mapper-libs-1.02.149-10.el7_6.8.x86_64 3/12
Verifying : yum-utils-1.1.31-50.el7.noarch 4/12
Verifying : 7:lvm2-2.02.180-10.el7_6.8.x86_64 5/12
Verifying : 7:lvm2-libs-2.02.180-10.el7_6.8.x86_64 6/12
Verifying : libaio-0.3.109-13.el7.x86_64 7/12
Verifying : 7:device-mapper-1.02.149-10.el7_6.8.x86_64 8/12
Verifying : 7:device-mapper-event-1.02.149-10.el7_6.8.x86_64 9/12
Verifying : 7:device-mapper-1.02.146-4.el7.x86_64 10/12
Verifying : yum-utils-1.1.31-45.el7.noarch 11/12
Verifying : 7:device-mapper-libs-1.02.146-4.el7.x86_64 12/12
Installed:
device-mapper-persistent-data.x86_64 0:0.7.3-3.el7 lvm2.x86_64 7:2.02.180-10.el7_6.8
Dependency Installed:
device-mapper-event.x86_64 7:1.02.149-10.el7_6.8 device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8
libaio.x86_64 0:0.3.109-13.el7 lvm2-libs.x86_64 7:2.02.180-10.el7_6.8
Updated:
yum-utils.noarch 0:1.1.31-50.el7
Dependency Updated:
device-mapper.x86_64 7:1.02.149-10.el7_6.8 device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8
Complete!
#
The standard repositories alone are not enough to install Docker Engine,
so enable the extras repository.
# yum-config-manager --enable rhel-7-server-extras-rpms
Loaded plugins: amazon-id, rhui-lb
#
The following step is specific to AWS.
Enable the extras repository.
The procedure differs between cloud vendors.
# yum-config-manager --enable rhui-REGION-rhel-server-extras
Loaded plugins: amazon-id, rhui-lb
=================================== repo: rhui-REGION-rhel-server-extras =================================
[rhui-REGION-rhel-server-extras]
async = True
bandwidth = 0
base_persistdir = /var/lib/yum/repos/x86_64/7Server
baseurl =
cache = 0
cachedir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras
check_config_file_age = True
compare_providers_priority = 80
cost = 1000
deltarpm_metadata_percentage = 100
deltarpm_percentage =
enabled = 1
enablegroups = True
exclude =
failovermethod = priority
ftp_disable_epsv = False
gpgcadir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras/gpgcadir
gpgcakey =
gpgcheck = True
gpgdir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras/gpgdir
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
hdrdir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras/headers
http_caching = all
includepkgs =
ip_resolve =
keepalive = True
keepcache = False
mddownloadpolicy = sqlite
mdpolicy = group:small
mediaid =
metadata_expire = 21600
metadata_expire_filter = read-only:present
metalink =
minrate = 0
mirrorlist = https://rhui2-cds01.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel/rhui/server/7/7Server/x86_64/extras/os
mirrorlist_expire = 86400
name = Red Hat Enterprise Linux Server 7 Extra(RPMs)
old_base_cache_dir =
password =
persistdir = /var/lib/yum/repos/x86_64/7Server/rhui-REGION-rhel-server-extras
pkgdir = /var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-extras/packages
proxy = False
proxy_dict =
proxy_password =
proxy_username =
repo_gpgcheck = False
retries = 10
skip_if_unavailable = False
ssl_check_cert_permissions = True
sslcacert = /etc/pki/rhui/cdn.redhat.com-chain.crt
sslclientcert = /etc/pki/rhui/product/content-rhel7.crt
sslclientkey = /etc/pki/rhui/content-rhel7.key
sslverify = True
throttle = 0
timeout = 30.0
ui_id = rhui-REGION-rhel-server-extras/7Server/x86_64
ui_repoid_vars = releasever,
basearch
username =
Enable the repository for Docker Engine.
# yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"
Loaded plugins: amazon-id, rhui-lb
adding repo from: https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/docker-ee.repo
grabbing file https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/docker-ee.repo to /etc/yum.repos.d/docker-ee.repo
repo saved to /etc/yum.repos.d/docker-ee.repo
#
The repositories are now ready, so run the installation.
# yum -y install docker-ee docker-ee-cli containerd.io
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
docker-ee-stable-18.09 | 3.5 kB 00:00:00
rhui-REGION-rhel-server-extras | 3.4 kB 00:00:00
rhui-REGION-rhel-server-releases | 3.5 kB 00:00:00
rhui-REGION-rhel-server-rh-common | 3.8 kB 00:00:00
(1/5): rhui-REGION-rhel-server-extras/7Server/x86_64/group | 124 B 00:00:00
(2/5): rhui-REGION-rhel-server-extras/7Server/x86_64/updateinfo | 200 kB 00:00:00
(3/5): rhui-REGION-rhel-server-extras/7Server/x86_64/primary_db | 536 kB 00:00:00
(4/5): docker-ee-stable-18.09/x86_64/updateinfo | 55 B 00:00:01
(5/5): docker-ee-stable-18.09/x86_64/primary_db | 14 kB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package containerd.io.x86_64 0:1.2.6-3.3.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.2.6-3.3.el7.x86_64
---> Package docker-ee.x86_64 3:18.09.7-3.el7 will be installed
---> Package docker-ee-cli.x86_64 1:18.09.7-3.el7 will be installed
--> Running transaction check
---> Package container-selinux.noarch 2:2.99-1.el7_6 will be installed
--> Processing Dependency: selinux-policy >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Processing Dependency: selinux-policy-base >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Processing Dependency: selinux-policy-targeted >= 3.13.1-216.el7 for package: 2:container-selinux-2.99-1.el7_6.noarch
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-192.el7 will be updated
---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.12 will be an update
--> Processing Dependency: libsemanage >= 2.5-13 for package: selinux-policy-3.13.1-229.el7_6.12.noarch
--> Processing Dependency: policycoreutils >= 2.5-24 for package: selinux-policy-3.13.1-229.el7_6.12.noarch
---> Package selinux-policy-targeted.noarch 0:3.13.1-192.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.12 will be an update
--> Running transaction check
---> Package libsemanage.x86_64 0:2.5-11.el7 will be updated
--> Processing Dependency: libsemanage = 2.5-11.el7 for package: libsemanage-python-2.5-11.el7.x86_64
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
--> Processing Dependency: libselinux >= 2.5-14 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol >= 2.5-10 for package: libsemanage-2.5-14.el7.x86_64
---> Package policycoreutils.x86_64 0:2.5-22.el7 will be updated
--> Processing Dependency: policycoreutils = 2.5-22.el7 for package: policycoreutils-python-2.5-22.el7.x86_64
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package libselinux.x86_64 0:2.5-12.el7 will be updated
--> Processing Dependency: libselinux(x86-64) = 2.5-12.el7 for package: libselinux-python-2.5-12.el7.x86_64
---> Package libselinux.x86_64 0:2.5-14.1.el7 will be an update
---> Package libselinux-utils.x86_64 0:2.5-12.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-14.1.el7 will be an update
---> Package libsemanage-python.x86_64 0:2.5-11.el7 will be updated
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be an update
---> Package libsepol.x86_64 0:2.5-8.1.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
---> Package policycoreutils-python.x86_64 0:2.5-22.el7 will be updated
---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package libselinux-python.x86_64 0:2.5-12.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-14.1.el7 will be an update
---> Package setools-libs.x86_64 0:3.3.8-2.el7 will be updated
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Installing:
containerd.io x86_64 1.2.6-3.3.el7 docker-ee-stable-18.09 26 M
docker-ee x86_64 3:18.09.7-3.el7 docker-ee-stable-18.09 21 M
docker-ee-cli x86_64 1:18.09.7-3.el7 docker-ee-stable-18.09 15 M
Installing for dependencies:
container-selinux noarch 2:2.99-1.el7_6 rhui-REGION-rhel-server-extras 39 k
Updating for dependencies:
libselinux x86_64 2.5-14.1.el7 rhui-REGION-rhel-server-releases 162 k
libselinux-python x86_64 2.5-14.1.el7 rhui-REGION-rhel-server-releases 236 k
libselinux-utils x86_64 2.5-14.1.el7 rhui-REGION-rhel-server-releases 152 k
libsemanage x86_64 2.5-14.el7 rhui-REGION-rhel-server-releases 151 k
libsemanage-python x86_64 2.5-14.el7 rhui-REGION-rhel-server-releases 113 k
libsepol x86_64 2.5-10.el7 rhui-REGION-rhel-server-releases 297 k
policycoreutils x86_64 2.5-29.el7_6.1 rhui-REGION-rhel-server-releases 916 k
policycoreutils-python x86_64 2.5-29.el7_6.1 rhui-REGION-rhel-server-releases 456 k
selinux-policy noarch 3.13.1-229.el7_6.12 rhui-REGION-rhel-server-releases 484 k
selinux-policy-targeted noarch 3.13.1-229.el7_6.12 rhui-REGION-rhel-server-releases 6.9 M
setools-libs x86_64 3.3.8-4.el7 rhui-REGION-rhel-server-releases 620 k
Transaction Summary
============================================================================================================
Install 3 Packages (+ 1 Dependent package)
Upgrade ( 11 Dependent packages)
Total download size: 72 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/15): container-selinux-2.99-1.el7_6.noarch.rpm | 39 kB 00:00:00
warning: /var/cache/yum/x86_64/7Server/docker-ee-stable-18.09/packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 76682bc9: NOKEY
Public key for containerd.io-1.2.6-3.3.el7.x86_64.rpm is not installed
(2/15): containerd.io-1.2.6-3.3.el7.x86_64.rpm | 26 MB 00:00:03
(3/15): docker-ee-18.09.7-3.el7.x86_64.rpm | 21 MB 00:00:03
(4/15): libselinux-2.5-14.1.el7.x86_64.rpm | 162 kB 00:00:00
(5/15): libselinux-utils-2.5-14.1.el7.x86_64.rpm | 152 kB 00:00:00
(6/15): libselinux-python-2.5-14.1.el7.x86_64.rpm | 236 kB 00:00:00
(7/15): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00
(8/15): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00
(9/15): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00
(10/15): policycoreutils-2.5-29.el7_6.1.x86_64.rpm | 916 kB 00:00:00
(11/15): policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm | 456 kB 00:00:00
(12/15): selinux-policy-3.13.1-229.el7_6.12.noarch.rpm | 484 kB 00:00:00
(13/15): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00
(14/15): selinux-policy-targeted-3.13.1-229.el7_6.12.noarch.rpm | 6.9 MB 00:00:00
(15/15): docker-ee-cli-18.09.7-3.el7.x86_64.rpm | 15 MB 00:00:02
------------------------------------------------------------------------------------------------------------
Total 11 MB/s | 72 MB 00:00:06
Retrieving key from https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/gpg
Importing GPG key 0x76682BC9:
Userid : "Docker Release (EE rpm) <docker@docker.com>"
Fingerprint: 77fe da13 1a83 1d29 a418 d3e8 99e5 ff2e 7668 2bc9
From : https://storebits.docker.com/ee/rhel/sub-93c2d407-d67d-466a-b84f-0f4fe6d1a37f/rhel/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libsepol-2.5-10.el7.x86_64 1/26
Updating : libselinux-2.5-14.1.el7.x86_64 2/26
Updating : libsemanage-2.5-14.el7.x86_64 3/26
Updating : libselinux-utils-2.5-14.1.el7.x86_64 4/26
Updating : policycoreutils-2.5-29.el7_6.1.x86_64 5/26
Updating : selinux-policy-3.13.1-229.el7_6.12.noarch 6/26
Updating : selinux-policy-targeted-3.13.1-229.el7_6.12.noarch 7/26
Updating : libsemanage-python-2.5-14.el7.x86_64 8/26
Updating : setools-libs-3.3.8-4.el7.x86_64 9/26
Updating : libselinux-python-2.5-14.1.el7.x86_64 10/26
Updating : policycoreutils-python-2.5-29.el7_6.1.x86_64 11/26
Installing : 2:container-selinux-2.99-1.el7_6.noarch 12/26
Installing : containerd.io-1.2.6-3.3.el7.x86_64 13/26
Installing : 1:docker-ee-cli-18.09.7-3.el7.x86_64 14/26
Installing : 3:docker-ee-18.09.7-3.el7.x86_64 15/26
Cleanup : selinux-policy-targeted-3.13.1-192.el7.noarch 16/26
Cleanup : policycoreutils-python-2.5-22.el7.x86_64 17/26
Cleanup : selinux-policy-3.13.1-192.el7.noarch 18/26
Cleanup : policycoreutils-2.5-22.el7.x86_64 19/26
Cleanup : libselinux-utils-2.5-12.el7.x86_64 20/26
Cleanup : setools-libs-3.3.8-2.el7.x86_64 21/26
Cleanup : libselinux-python-2.5-12.el7.x86_64 22/26
Cleanup : libsemanage-python-2.5-11.el7.x86_64 23/26
Cleanup : libsemanage-2.5-11.el7.x86_64 24/26
Cleanup : libselinux-2.5-12.el7.x86_64 25/26
Cleanup : libsepol-2.5-8.1.el7.x86_64 26/26
Verifying : policycoreutils-2.5-29.el7_6.1.x86_64 1/26
Verifying : 1:docker-ee-cli-18.09.7-3.el7.x86_64 2/26
Verifying : setools-libs-3.3.8-4.el7.x86_64 3/26
Verifying : selinux-policy-targeted-3.13.1-229.el7_6.12.noarch 4/26
Verifying : selinux-policy-3.13.1-229.el7_6.12.noarch 5/26
Verifying : policycoreutils-python-2.5-29.el7_6.1.x86_64 6/26
Verifying : libsemanage-python-2.5-14.el7.x86_64 7/26
Verifying : libsemanage-2.5-14.el7.x86_64 8/26
Verifying : libsepol-2.5-10.el7.x86_64 9/26
Verifying : containerd.io-1.2.6-3.3.el7.x86_64 10/26
Verifying : libselinux-python-2.5-14.1.el7.x86_64 11/26
Verifying : libselinux-utils-2.5-14.1.el7.x86_64 12/26
Verifying : 2:container-selinux-2.99-1.el7_6.noarch 13/26
Verifying : libselinux-2.5-14.1.el7.x86_64 14/26
Verifying : 3:docker-ee-18.09.7-3.el7.x86_64 15/26
Verifying : libsemanage-python-2.5-11.el7.x86_64 16/26
Verifying : libsemanage-2.5-11.el7.x86_64 17/26
Verifying : libselinux-python-2.5-12.el7.x86_64 18/26
Verifying : setools-libs-3.3.8-2.el7.x86_64 19/26
Verifying : policycoreutils-2.5-22.el7.x86_64 20/26
Verifying : policycoreutils-python-2.5-22.el7.x86_64 21/26
Verifying : selinux-policy-targeted-3.13.1-192.el7.noarch 22/26
Verifying : libsepol-2.5-8.1.el7.x86_64 23/26
Verifying : selinux-policy-3.13.1-192.el7.noarch 24/26
Verifying : libselinux-2.5-12.el7.x86_64 25/26
Verifying : libselinux-utils-2.5-12.el7.x86_64 26/26
Installed:
containerd.io.x86_64 0:1.2.6-3.3.el7 docker-ee.x86_64 3:18.09.7-3.el7
docker-ee-cli.x86_64 1:18.09.7-3.el7
Dependency Installed:
container-selinux.noarch 2:2.99-1.el7_6
Dependency Updated:
libselinux.x86_64 0:2.5-14.1.el7 libselinux-python.x86_64 0:2.5-14.1.el7
libselinux-utils.x86_64 0:2.5-14.1.el7 libsemanage.x86_64 0:2.5-14.el7
libsemanage-python.x86_64 0:2.5-14.el7 libsepol.x86_64 0:2.5-10.el7
policycoreutils.x86_64 0:2.5-29.el7_6.1 policycoreutils-python.x86_64 0:2.5-29.el7_6.1
selinux-policy.noarch 0:3.13.1-229.el7_6.12 selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.12
setools-libs.x86_64 0:3.3.8-4.el7
Complete!
#
That completes the installation.
Start the Docker service.
# systemctl start docker
# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2019-07-06 04:49:42 UTC; 4s ago
Docs: https://docs.docker.com
Main PID: 2341 (dockerd)
Tasks: 8
Memory: 31.7M
CGroup: /system.slice/docker.service
└─2341 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.52..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.52..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.68..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.76..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.81..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82...7
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.82..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal dockerd[2341]: time="2019-07-06T04:49:42.86..."
Jul 06 04:49:42 ip-10-0-0-51.ap-northeast-1.compute.internal systemd[1]: Started Docker Application Cont....
Hint: Some lines were ellipsized, use -l to show in full.
#
While we are here, test starting a container.
Start ubuntu.
# docker run -it ubuntu bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
5b7339215d1d: Pull complete
14ca88e9f672: Pull complete
a31c3b1caad4: Pull complete
b054a26005b7: Pull complete
Digest: sha256:9b1702dcfe32c873a770a32cfd306dd7fc1c4fd134adfb783db68defc8894b3c
Status: Downloaded newer image for ubuntu:latest
root@13841ed1810a:/#
root@13841ed1810a:/# exit
exit
#
That completes the Docker EE installation.
3. Install UCP
First, pull the UCP container image from DockerHub.
# docker image pull docker/ucp:3.1.8
3.1.8: Pulling from docker/ucp
c87736221ed0: Pull complete
831158f6c3f0: Pull complete
7eaca31ce090: Pull complete
Digest: sha256:048414d9d3fd5cc93b3a762582c2cea73b94ef5449072b16231f13b9e355c1e4
Status: Downloaded newer image for docker/ucp:3.1.8
#
The image has been pulled, so start the container.
# docker container run --rm -it --name ucp \
> -v /var/run/docker.sock:/var/run/docker.sock \
> docker/ucp:3.1.8 install \
> --host-address <your IP address> \
> --interactive
INFO[0000] Your engine version 18.09.7, build b81f474 (3.10.0-862.el7.x86_64) is compatible with UCP 3.1.8 (b22346c)
Admin Username: <username>
Admin Password: <password>
Confirm Admin Password: <password>
INFO[0031] Pulling required images... (this may take a while)
INFO[0031] Pulling docker/ucp-etcd:3.1.8
INFO[0036] Pulling docker/ucp-agent:3.1.8
INFO[0040] Pulling docker/ucp-kube-compose:3.1.8
INFO[0044] Pulling docker/ucp-hyperkube:3.1.8
INFO[0059] Pulling docker/ucp-kube-dns:3.1.8
INFO[0063] Pulling docker/ucp-metrics:3.1.8
INFO[0068] Pulling docker/ucp-auth:3.1.8
INFO[0072] Pulling docker/ucp-azure-ip-allocator:3.1.8
INFO[0075] Pulling docker/ucp-interlock-extension:3.1.8
INFO[0079] Pulling docker/ucp-interlock-proxy:3.1.8
INFO[0083] Pulling docker/ucp-calico-kube-controllers:3.1.8
INFO[0091] Pulling docker/ucp-calico-node:3.1.8
INFO[0097] Pulling docker/ucp-dsinfo:3.1.8
INFO[0113] Pulling docker/ucp-swarm:3.1.8
INFO[0116] Pulling docker/ucp-auth-store:3.1.8
INFO[0121] Pulling docker/ucp-kube-dns-sidecar:3.1.8
INFO[0125] Pulling docker/ucp-interlock:3.1.8
INFO[0128] Pulling docker/ucp-calico-cni:3.1.8
INFO[0133] Pulling docker/ucp-kube-dns-dnsmasq-nanny:3.1.8
INFO[0138] Pulling docker/ucp-pause:3.1.8
INFO[0141] Pulling docker/ucp-kube-compose-api:3.1.8
INFO[0146] Pulling docker/ucp-cfssl:3.1.8
INFO[0149] Pulling docker/ucp-controller:3.1.8
INFO[0157] Pulling docker/ucp-compose:3.1.8
We detected the following hostnames/IP addresses for this system [ip-10-0-0-51.ap-northeast-1.compute.internal 127.0.0.1 172.17.0.1 10.0.0.51]
You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
INFO[0000] Initializing a new swarm at 10.0.0.51
INFO[0007] Installing UCP with host address 10.0.0.51 - If this is incorrect, please specify an alternative address with the '--host-address' flag
INFO[0007] Deploying UCP Service...
INFO[0077] Installation completed on ip-10-0-0-51.ap-northeast-1.compute.internal (node gfr42419cmfwz2xt57wgf8wmh)
INFO[0077] UCP Instance ID: izfuh7vqgm5z9v76473dckqvi
INFO[0077] UCP Server SSL: SHA-256 Fingerprint=54:84:37:11:3A:64:A4:33:73:03:21:E7:C4:BE:9E:97:8B:3B:09:C1:FC:99:5C:06:08:BC:E7:0B:4E:FD:B1:FC
INFO[0077] Login to UCP at https://10.0.0.51:443
INFO[0077] Username:
INFO[0077] Password: (your admin password)
#
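The containers are up, so log in.
・https://<your IP address>:443
On EC2, log in with the Elastic IP rather than the local IP.
A certificate error appears; ignore it and continue.
After logging in, the license key entry screen appears.
Enter the license key downloaded in "2. Install Docker Engine EE".
That completes the UCP installation.
4. Install DTR
Work in the UCP UI.
・Select Admin Setting
・Select Docker Trusted Registry
Select the UCP NODE from the drop-down.
Uncheck "Disable TLS verification for UCP".
Run the command that is then displayed on the RHEL host;
unfortunately, it should fail with an error.
DTR uses port 443 by default.
UCP is already using 443, so the two conflict.
Work around this by moving UCP to a different port.
・Select Cluster Configuration
Change Controller Port from 443 to 8443.
After the change, confirm that UCP can be reached on port 8443.
・https://<your IP address>:8443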
# docker run -it --rm docker/dtr install --ucp-node ip-10-0-0-51.ap-northeast-1.compute.internal --ucp-username <username> --ucp-url https://10.0.0.51:8443 --ucp-insecure-tls
INFO[0000] Beginning Docker Trusted Registry installation
ucp-password:<password>
INFO[0003] Validating UCP cert
INFO[0003] Connecting to UCP
INFO[0003] health checking ucp
INFO[0003] Only one available UCP node detected. Picking UCP node 'ip-10-0-0-51.ap-northeast-1.compute.internal'
INFO[0003] Searching containers in UCP for DTR replicas
INFO[0003] Searching containers in UCP for DTR replicas
INFO[0004] verifying [80 443] ports on ip-10-0-0-51.ap-northeast-1.compute.internal
INFO[0009] Waiting for running dtr-phase2 container to finish
INFO[0009] starting phase 2
INFO[0000] Validating UCP cert
INFO[0000] Connecting to UCP
INFO[0000] health checking ucp
INFO[0000] Verifying your system is compatible with DTR
INFO[0000] Checking if the node is okay to install on
WARN[0000] Node: ip-10-0-0-51.ap-northeast-1.compute.internal is a manager, it is **not** recommended for DTR to reside on a UCP manager node, see: https://docs.docker.com/ee/dtr/admin/install/system-requirements/ for more info.
WARN[0000] Installation will continue in 10 seconds...
INFO[0010] Using default overlay subnet: 10.1.0.0/24
INFO[0010] Creating network: dtr-ol
INFO[0010] Connecting to network: dtr-ol
INFO[0010] Waiting for phase2 container to be known to the Docker daemon
INFO[0011] Setting up replica volumes...
INFO[0011] Creating initial CA certificates
INFO[0011] Bootstrapping rethink...
INFO[0011] Creating dtr-rethinkdb-4bd224354f6a...
INFO[0020] Establishing connection with Rethinkdb
INFO[0021] Waiting for database dtr2 to exist
INFO[0021] Establishing connection with Rethinkdb
INFO[0021] Generated TLS certificate. dnsNames="[*.com *.*.com example.com *.dtr *.*.dtr]" domains="[*.com *.*.com 172.17.0.1 example.com *.dtr *.*.dtr]" ipAddresses="[172.17.0.1]"
INFO[0022] License config copied from UCP.
INFO[0022] Migrating db...
INFO[0000] Establishing connection with Rethinkdb
INFO[0000] Migrating database schema fromVersion=0 toVersion=10
INFO[0001] Waiting for database notaryserver to exist
INFO[0001] Waiting for database notarysigner to exist
INFO[0002] Waiting for database jobrunner to exist
INFO[0002] Migrated database from version 0 to 10
INFO[0025] Starting all containers...
INFO[0025] Getting container configuration and starting containers...
INFO[0025] Automatically configuring rethinkdb cache size to 14245 mb
INFO[0025] Recreating dtr-rethinkdb-4bd224354f6a...
INFO[0030] Creating dtr-registry-4bd224354f6a...
INFO[0038] Creating dtr-garant-4bd224354f6a...
INFO[0045] Creating dtr-api-4bd224354f6a...
INFO[0053] Creating dtr-notary-server-4bd224354f6a...
INFO[0060] Recreating dtr-nginx-4bd224354f6a...
INFO[0068] Creating dtr-jobrunner-4bd224354f6a...
INFO[0100] Creating dtr-notary-signer-4bd224354f6a...
INFO[0107] Creating dtr-scanningstore-4bd224354f6a...
INFO[0115] Trying to get the kv store connection back after reconfigure
INFO[0115] Establishing connection with Rethinkdb
INFO[0115] Verifying auth settings...
INFO[0115] Successfully registered dtr with UCP
INFO[0115] Installation is complete
INFO[0115] Replica ID is set to: 4bd224354f6a
INFO[0115] You can use flag '--existing-replica-id 4bd224354f6a' when joining other replicas to your Docker Trusted Registry Cluster
#
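Now access DTR.
・https://<your IP address>:443
The DTR build completed successfully.
Communication between the registry and its clients uses TLS, so the CA certificate is required.
Download it and put it in place with the following commands.
# curl -k https://<IP address>/ca -o /etc/pki/ca-trust/source/anchors/hoge.crt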
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 774 100 774 0 0 23399 0 --:--:-- --:--:-- --:--:-- 24187
#
# update-ca-trust
#
# systemctl restart docker
#
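The UCP installer prints the server certificate's SHA-256 fingerprint, and `curl -k` accepts whatever CA the peer returns, so both trust decisions can be tied to a known fingerprint. The following is an added example, not part of the original article: the function names are hypothetical, `openssl` and `curl` are assumed to be installed, the installer's value is assumed to be the same digest `openssl x509 -fingerprint -sha256` reports, and the expected DTR CA fingerprint is assumed to have been read on the registry host and carried over a trusted channel such as SSH.

```bash
#!/usr/bin/env bash
# Added example: pin SHA-256 certificate fingerprints for UCP and DTR.
# Function names are hypothetical; openssl and curl are assumed to be installed.

# Reduce any spelling of a fingerprint to bare uppercase hex. Accepts
# "SHA256 Fingerprint=54:84:..." (openssl), the UCP installer log line,
# or a hand-copied value with colons or spaces.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# A SHA-256 fingerprint is exactly 64 hex digits. Anything else is rejected,
# so an empty or truncated value can never count as a match.
is_sha256_fp() {
    case "$1" in
        ''|*[!0123456789ABCDEF]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Succeeds only if both values are the same well-formed fingerprint.
fp_match() (
    want=$(normalize_fp "$1")
    got=$(normalize_fp "$2")
    is_sha256_fp "$want" && [ "$want" = "$got" ]
)

# Extract the fingerprint from saved UCP installer output
# ("... UCP Server SSL: SHA-256 Fingerprint=..."). Empty if the line is absent.
ucp_log_fp() {
    normalize_fp "$(printf '%s\n' "$1" |
        grep 'UCP Server SSL: SHA-256 Fingerprint=' | head -n 1)"
}

# Fingerprint of the certificate a live TLS server presents (needs network).
server_fp() {  # usage: server_fp HOST PORT
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Fingerprint of a PEM certificate file.
pem_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Check a live server before accepting its certificate warning.
check_server() {  # usage: check_server HOST PORT EXPECTED_FP
    fp_match "$3" "$(server_fp "$1" "$2")"
}

# Download a CA certificate and install it only if its fingerprint matches.
# -k is unavoidable on first contact; the comparison authenticates the file.
install_pinned_ca() (  # usage: install_pinned_ca URL EXPECTED_FP DEST
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    curl -fsSk "$1" -o "$tmp" || exit 1
    if ! fp_match "$2" "$(pem_fp "$tmp")"; then
        echo "CA fingerprint mismatch, not installing $3" >&2
        exit 1
    fi
    install -m 0644 "$tmp" "$3"
)

# --- Offline demonstration (no network access) ---
# Installer line as shown in the article's UCP install output.
SAMPLE_UCP_LOG='INFO[0077] UCP Server SSL: SHA-256 Fingerprint=54:84:37:11:3A:64:A4:33:73:03:21:E7:C4:BE:9E:97:8B:3B:09:C1:FC:99:5C:06:08:BC:E7:0B:4E:FD:B1:FC'
# Constructed sample: what server_fp would print for that same certificate.
SAMPLE_SERVER_OUT='SHA256 Fingerprint=54:84:37:11:3A:64:A4:33:73:03:21:E7:C4:BE:9E:97:8B:3B:09:C1:FC:99:5C:06:08:BC:E7:0B:4E:FD:B1:FC'

if fp_match "$(ucp_log_fp "$SAMPLE_UCP_LOG")" "$SAMPLE_SERVER_OUT"; then
    echo "UCP certificate matches the fingerprint printed by the installer"
else
    echo "MISMATCH: the certificate is not the one the installer generated" >&2
fi
```

On a client, `install_pinned_ca "https://<IP address>/ca" "$EXPECTED_FP" /etc/pki/ca-trust/source/anchors/hoge.crt` replaces the bare `curl -k` download, followed by `update-ca-trust` and `systemctl restart docker` as above.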
This completes the private Docker registry build.
From here, enjoy a wonderful Docker life with docker push/pull.
I plan to cover Docker registry configuration in a separate article.
Reference URLs
https://docs.docker.com/install/linux/docker-ee/rhel/#find-your-docker-ee-repo-url
https://docs.docker.com/ee/ucp/admin/install/
https://docs.docker.com/ee/dtr/admin/install/
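The following are personal notes.
Notes
・Docker images must be named as follows.
[hostname]:[port number]/[repository name/repository name]:[image name]
# docker login 172.17.0.1:443
# docker tag registry.access.redhat.com/rhel7 [hostname]:[port number]/[repository name/repository name]:[image name]
# docker push [hostname]:[port number]/[repository name/repository name]:[image name]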