UKC-GEN-259 Deploying Docker Containers on UKCloud’s Compute platform 2
OVERVIEW
The topic of ‘Containerisation’ has gained recent
prominence with customers wanting to extend their
reach beyond virtualising a full machine via the
deployment of encapsulated application containers
within their own operating environment. This
approach provides many of the benefits of loading an
application onto a virtual machine; however, these
applications can be run on any suitable physical or
virtual machine without any worries about
dependencies, all at a fraction of the normal
computing resource cost. There currently is a wide
choice of containerisation technologies; however,
Docker has fast become the most widely adopted.
The UKCloud IaaS platform is the ideal target for
containerisation technologies such as Docker as we
are able to provide a level of data security and
assurance normally associated with Private Cloud or
physical servers, whilst also leveraging all the
efficiencies of Public Cloud.
This Blueprint describes how customers can deploy
the core components of Docker upon UKCloud IaaS,
enabling customers to explore the value proposition
of containerisation, whilst also leveraging the data
security assurance that UKCloud is able to provide to
the container services and associated image
repositories.
IN THIS BLUEPRINT
Overview
What is Docker?
How are Docker containers different to Virtual Machines?
What are the features of Docker?
What are the components of Docker?
How do I run Docker within UKCloud?
What is Docker?
Docker is a containerisation technology which allows
you to package an application with all of its
dependencies into a standardised unit for software
development.
Docker containers wrap up a piece of software in a
complete file system that contains everything it needs
to run: code, runtime, system tools, and system
libraries – anything you can install on a server. This
guarantees that it will always run the same,
regardless of the environment it is running in.
How are Docker containers different to Virtual Machines?
Containers have similar resource isolation and
allocation benefits as virtual machines but a different
architectural approach allows them to be much more
portable and efficient.
What are the features of Docker?
Lightweight - Containers running on a single
machine all share the same operating system Kernel,
so they start instantly and make more efficient use of
RAM. Images are constructed from layered file
systems so they can share common files, making
disk usage and image downloads much more
efficient.
Open - Docker containers are based on open
standards allowing containers to run on all major
Linux distributions and Microsoft operating systems
with support for every infrastructure.
Secure - Containers isolate applications from each
other and the underlying infrastructure while
providing an added layer of protection for the
application.
Scalable - Docker containers spin up and down in
seconds making it easy to scale an application
service at any time to satisfy peak customer demand,
and then just as easily spin down those containers to
only use the resources you need, when you need it.
Manageable - Docker makes it easy to identify
issues and isolate the problem container, quickly roll
back to make the necessary changes then push the
updated container into production. The isolation
between containers makes these changes less
disruptive than traditional software models.
Portable - Ship one or many containers to others or
downstream service teams without worrying about
different environment dependencies creating issues
with your application. Other teams can easily link to
or test against your app without having to learn or
worry about how it works.
Fast - Docker easily takes copies of your live
environment and runs them on any new endpoint running
Docker. Docker users on average ship software 7
times more after deploying Docker in their
environment.
Further details to aid in the understanding of Docker
can be found at:
https://docs.docker.com/introduction/understanding-docker/
Virtual Machines
Each virtual machine includes the application, the necessary binaries and libraries and an entire guest operating system - all of which may be tens of GBs in size.
Docker Containers
Containers include the application and all of its dependencies, but share the kernel with other containers. They run as an isolated process in user space on the host operating system. They’re also not tied to any specific infrastructure – Docker containers run on any computer, on any infrastructure and in any cloud.
What are the components of Docker?
Docker is a collective term for multiple Docker
products, a full list of which can be found at:
https://www.docker.com/products
For this document we will look at four of the main
Docker products; Docker Engine, Docker Hub,
Docker Registry and Docker Trusted Registry.
1. Docker Engine
At the core of the Docker platform is Docker Engine,
a lightweight runtime and robust tool that builds and
runs your Docker containers. Docker Engine runs on
Linux to create the operating environment for your
distributed applications. The in-host daemon
communicates with the Docker client to execute
commands to build, ship and run containers.
UKCloud support the running of Docker Engine within
VMs provisioned upon our Compute platform. A full
list of supported guest operating systems and simple
installation instructions for Docker Engine can be
found at https://docs.docker.com/installation/.
2. Docker Hub
The Docker Hub provides a multi-tenant cloud-based
platform service hosted by Docker for distributed
applications, including container image distribution
and change management, user and team
collaboration, and lifecycle workflow automation.
3. Docker Registry
Docker Registry is a stateless, highly scalable server
side application that stores and lets you distribute
Docker images with no Enterprise management
features or commercial support. You should use the
Registry if you want to:
tightly control where your images are being stored
fully own your images distribution pipeline
integrate images storage and distribution into your in-house development workflow
4. Docker Trusted Registry
Docker Trusted Registry (DTR) is similar to Docker
Registry in that it lets you run and manage your own
Docker image storage service; however, it focuses
on Enterprise features and can be deployed securely
on your own virtual infrastructure behind your edge
firewall. This allows you to securely store, push, and
pull the images used by your enterprise to build, ship,
and run applications. DTR also provides monitoring
and usage information to help you understand the
workloads being placed on it.
Specifically, DTR provides:
A commercially supported image registry to store, manage, and collaborate on Docker images
Role-based access control (RBAC)
Integration with LDAP and Active Directory
Pluggable storage drivers
Configuration options to let you run DTR in your particular enterprise environment.
Easy, transparent upgrades
Logging, usage and system health metrics
DTR is perfect for:
Providing a secure development environment
Creating a streamlined build pipeline
Building a consistent, high-performance test/QA environment
Managing image deployment
To get started with DTR please see the install page.
Note: Docker Trusted Registry (DTR) is a
commercially supported product from Docker. To get
your copy of DTR, including a free trial, visit the
Docker Subscription page.
How do I run Docker within UKCloud?
Docker Engine
Docker Engine is supported natively by the following
distributions;
RPM: Fedora 20 +, Red Hat Enterprise Linux
6.6 +, CentOS 6.5 +
Debian: Ubuntu 12.04 +, Debian 7.7 +
Note: Docker requires a 64-bit installation regardless
of your Linux OS; in addition, your kernel must be
3.10 or higher.
Installation Steps (Ubuntu Trusty 14.04 - LTS)
1. Create a new VM following the Quick-Start Guide (a ‘Small VM’ will suffice for initial testing)
Figure 1. vCloud Director VM configuration panel
2. Log into your Ubuntu installation as a user
with sudo privileges.
3. Verify that you have wget installed.
$ which wget
4. If wget isn’t installed, install it after updating
your package manager:
$ sudo apt-get update
$ sudo apt-get install wget
5. Get the latest Docker package.
$ wget -qO- https://get.docker.com/ | sh
The system prompts you for
your sudo password. Then, it downloads
and installs Docker and its dependencies.
Note: If your company is behind a filtering
proxy, you may find that the apt-key command
fails for the Docker repo during installation.
To work around this, add the key directly
using the following:
$ wget -qO- https://get.docker.com/gpg | sudo apt-key add -
6. Verify docker is installed correctly.
$ sudo docker run hello-world
This command downloads a test image and
runs it in a container.
Further installation details can be found at
https://docs.docker.com/installation/ubuntulinux
Docker Registry
Docker Registry has shipped as standard from
Docker 1.6.0, and to use the Registry is simply a
case of starting the service on a VM that has Docker
Engine installed and running as per the above.
Start your registry:
$ docker run -d -p 5000:5000 --restart=always --name registry registry:2
You can now tag an image and push it:
$ docker pull ubuntu && docker tag ubuntu localhost:5000/batman/ubuntu
$ docker push localhost:5000/batman/ubuntu
Then pull it back:
$ docker pull localhost:5000/batman/ubuntu
By default, your registry stores its data on the local
file system, inside the container. In a production
environment, it’s highly recommended to use another
storage backend such as UKCloud Cloud Storage;
further details can be found here.
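The registry command above publishes port 5000 on every host interface, serves plain HTTP without authentication and, as noted, keeps image data inside the container. The following is an added example, not part of the original Blueprint: a small lint for such a `docker run` line, shown against the page's command and a hardened variant. The `REGISTRY_*` names are the registry's configuration overrides; the address 10.0.0.5, the host paths and the function name are assumptions.

```shell
#!/bin/sh
# Added example: lint a `docker run` line that starts registry:2.
# REGISTRY_* names are the registry's configuration overrides; the
# address, host paths and HARDENED_CMD are constructed for illustration.

PAGE_CMD='docker run -d -p 5000:5000 --restart=always --name registry registry:2'

HARDENED_CMD='docker run -d -p 10.0.0.5:5000:5000 --restart=always --name registry
  -v /srv/registry/data:/var/lib/registry
  -v /srv/registry/certs:/certs:ro -v /srv/registry/auth:/auth:ro
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
  -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_REALM=registry
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2'

# Prints one finding per line; prints nothing when all four checks pass.
audit_registry_run() {
    open_port=0 volume=0 tls=0 auth=0 prev=""
    for word in $1; do
        case "$prev" in
            -p|--publish)
                # ip:host_port:container_port has two colons; fewer
                # means the port is bound on every host interface.
                case "$word" in *:*:*) ;; *) open_port=1 ;; esac ;;
            -v|--volume)
                case "$word" in
                    *:/var/lib/registry|*:/var/lib/registry:*) volume=1 ;;
                esac ;;
            -e|--env)
                case "$word" in
                    REGISTRY_HTTP_TLS_CERTIFICATE=?*) tls=1 ;;
                    REGISTRY_AUTH=?*) auth=1 ;;
                esac ;;
        esac
        prev=$word
    done
    [ "$open_port" -eq 0 ] || echo "port published on all host interfaces"
    [ "$volume" -eq 1 ] || echo "image data stays inside the container"
    [ "$tls" -eq 1 ] || echo "no TLS certificate configured (plain HTTP)"
    [ "$auth" -eq 1 ] || echo "no authentication configured"
}
```

Run `audit_registry_run "$PAGE_CMD"` to list the findings for the command as printed above; `HARDENED_CMD` produces none.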
For enhanced Enterprise features and a commercially
supported version of Docker Registry customers can
install Docker Trusted Registry using the steps
outlined below.
Docker Trusted Registry
Prerequisites
In order to run DTR, you will need to get a license,
either by purchasing DTR or acquiring a trial license.
To get your license, visit the Docker Subscription
page and select the edition you would like to acquire.
Figure 3. Docker Trusted Registry licensing website
Commercially supported Docker Engine 1.6.1 or later
running on an Ubuntu 14.04 LTS, RHEL 7.1 or RHEL
7.0 host. (See below for instructions on how to install
the commercially supported Docker Engine.)
Your Docker daemon needs to be listening to the
Unix socket (the default) so that it can be bind-
mounted into the DTR management containers,
allowing DTR to manage itself and its updates. For
this reason, your DTR host will also need internet
connectivity so it can access the updates.
Your host also needs to have TCP
ports 80 and 443 available for the DTR container
port mapping.
Installation Steps (Ubuntu Trusty 14.04 - LTS)
1. Download the commercially supported Docker Engine Bash installation script:
a. Log in to the Docker Hub with the user-name used to obtain your license.
b. Once you’re logged in, go to the “Licenses” page in your Hub account’s “Settings” section (accessed via the gear icon at upper right).
c. Click the button at the top right of the page that corresponds to your intended host operating system.
d. Once the Bash setup script is downloaded, follow the steps below appropriate for your chosen OS.
2. Copy the downloaded Bash setup script to your Ubuntu host.
3. Run the following to install commercially supported Docker Engine and its dependencies:
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install -y linux-image-extra-virtual
$ sudo reboot
$ chmod 755 docker-cs-engine-deb.sh
$ sudo ./docker-cs-engine-deb.sh
$ sudo apt-get install docker-engine-cs
4. Lastly, confirm Docker is running with
sudo service docker start.
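Step 5 of the Docker Engine installation pipes a downloaded script straight into sh, and step 3 above runs a downloaded script with sudo. The following is an added example, not part of the original Blueprint or Docker's own tooling: it saves the script to disk for review and later runs it only if it still matches the SHA-256 recorded at review time. The function names and the file name get-docker.sh are assumptions.

```shell
#!/bin/sh
# Added example: review-then-pin for downloaded install scripts.
# Function names and file names are assumptions, not from the page.

# Save the script to disk instead of piping it into a shell.
fetch_for_review() {   # usage: fetch_for_review URL OUTFILE
    wget -q -O "$2" "$1" && chmod 600 "$2"
}

sha256_of() {          # prints the hex SHA-256 of a file
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run FILE only if it still matches the hash recorded at review time.
# usage: run_pinned_script FILE EXPECTED_SHA256 [INTERPRETER ARGS...]
# Returns 1 on hash mismatch and 2 on bad input (script not run in
# either case); otherwise returns the script's own exit status.
run_pinned_script() {
    file=$1 expected=$2
    shift 2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case "$expected" in
        *[!0-9a-f]*) echo "pin is not lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex digits" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual does not match pin" >&2
        return 1
    fi
    [ "$#" -gt 0 ] || set -- sh    # default interpreter
    "$@" "$file"
}

# Typical flow (commented out so nothing runs when this file is sourced):
#   fetch_for_review https://get.docker.com/ get-docker.sh
#   less get-docker.sh       # read it, then record: sha256_of get-docker.sh
#   run_pinned_script get-docker.sh "<sha256 recorded at review>" sudo sh
```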
In order to simplify using Docker, you can get non-
sudo access to the Docker socket by adding your
user to the docker group, then logging out and
back in again. Membership of the docker group is
equivalent to root access on the host:
$ sudo usermod -a -G docker $USER
$ exit
Note: you may need to reboot your server to update
its LTS kernel.
MORE INFORMATION
For further information about UKCloud and how we
can help you, please send an email to
UKCloud Ltd
A8 Cody Technology Park
Ively Road
Farnborough
Hampshire
GU14 0LX
+44 (0)1252 303300
www.ukcloud.com
Reasonable efforts have been made to ensure the accuracy of the information contained in this document. No advice given or statements or recommendations made shall in any circumstances constitute or be deemed to constitute a warranty by UKCloud Ltd as to the accuracy of such advice, statements or recommendations. UKCloud Ltd shall not be liable for any loss, expense, damage or claim howsoever arising out of the advice given or not given or statements made or omitted to be made in connection with this document.
No part of this document may be copied, reproduced, adapted or redistributed in any form or by any means without the express prior written consent of UKCloud Ltd.
© UKCloud Ltd 2016 All Rights Reserved.
UKC-GEN-259 • 07/2016