Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Docker: Docker Datacenter in Azure

  • June 24, 2016
  • 11 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.

Docker Datacenter on Azure and AWS has been announced on Tuesday 21st, June 2016 at the DockerCon.

Docker logoDocker Datacenter, what it is?

Docker Datacenter will give you the possibility to have, in your datacenter or in the Cloud, your own Docker environment, like the official release, like management interfaces, repository, etc.

The architecture that will be deployed on is the following:Docker Datacenter Architecture

Installation

Before starting, be sure to have a license for Docker Datacenter: https://www.docker.com/products/docker-datacenter

On Azure, it’s very simple to deploy this solution, with an ARM template. To do this, connect on https://portal.azure.com et click on New. Search Docker in the Marketplace and select Docker Datacenter:

Microsoft Azure Docker Datacenter

Choose a username, a password or an SSH key that will be used for each VM and a resource group:

Microsoft Azure Create Docker Datacenter Subnet

Choose a prefix name for each resource and after, select the VM size for VM that will be created. Create a new network with 2 subnets, one for controllers and node and one other for Docker Trusted Registry (DTR):

Microsoft Azure

Create a public IP for the node load-balancer and another one for the DTR. Associate a public DNS name to each. Finally, choose a password for the Universal Control Plane (UCP) administrator and select the key that you get before:

Microsoft Azure Docker Datacenter Settings

Verify that all information is correct:

Microsoft Azure Docker Datacenter Summary

By clicking on Purchase, you accept licenses and the deployment is starting:

Microsoft Azure Docker Datacenter Purchase

The deployment took 20 minutes for me:

Microsoft Azure Docker Datacenter Deployment History

Discover and configuration

Open a browser and navigate to the UCP URL, in my case “https://dockerucp.florentappointaire.cloud”

Docker Universal Control Plane

Connect with the username admin and use the password that you chose during the deployment. If the authentication is good, you will see the dashboard:

Docker Universal Control Panel Overview

On this interface, you will be able to:

  • Manage applications
  • Manage containers
  • Manage nodes
  • Manage volumes
  • Manage network
  • Manage images

And manage users and some parameters.

Security of the registry

Before starting the publishing in the registry and deploying containers, we need to secure the environment to secure communication between UCP and DTR.

To start, connect in SSH to your UCP node:

PuTTY Configuration Session

Ubuntu console

Execute the following command:

After downloading the uc-dump-certs image and created a new container, you will normally see a result like this:

downloading the uc-dump-certs image

Copy the result in a file on your desktop and name it ucp-cluster-ca.pem. Connect to your DTR, for me it’s https://dockerdatacenter.florentappointaire.cloud:

Docker Universal Control Plane

Connect with the username admin and the same password that for the UCP (the database is the same). Go to Settings and in the Domain part, click on Show TLS Settings. Copy the contents of the TLS CA part in a file on your desktop named dtr-ca.pem:

Docker Universal Control Plane

Go to your UCP interface, in Settings > DTR and provide the URL of your registry. Select the dtr-ca.pem certificate and click on Update Registry:

Docker Universal Control Plane Settings

Now, you need to trust the UCP CA from the DTR. In the DTR interface, in Settings, paste the content of the ucp-cluster-ca.pem certificate, in Auth ByPass TLS Root CA and save:

Docker Control Plane Trusted Registry

You need to copy the file dtr-ca.pem on each node in the UCP (7 by default). I used the first server to connect to others, in SSH (otherwise, you can deploy a gateway in the same range with windows server for example). I executed the following command:

Paste the result of the file dtr-ca.pem. Restart the Docker service with the following command:

Restart the Docker service command

Storage update to store image in the DTR

To store your images in your Docker repository, you will need a storage account. I will continue in Azure, to create my storage account on it:

Microsoft Azure Create Storage Account

Get the storage account name and the primary key:

Microsoft Azure storage account name and the primary key

In the DTR interface, navigate to Settings > Storage and choose Azure. Provide information that you get before:

Docker Control Plane Interface

New image in the DTR

We will now push our first image in the DTR, to be able to deploy containers from this image. Connect to your DTR interface if it’s not already done and click on the New repository to create a new repository:

Docker Control Plane New Repository

Fill in each field and click on Save:

Docker Control Plane New Repository creation

We will push an image to this repository. I created an image that will execute a website (running on nginx) with a custom HTML page, with the following Dockerfile (sources are here:https://github.com/Flodu31/Floapp-Cloud):

Execute the following command to build your image:

Docker image building command

Copy the certificate drt-ca.pem on the server where you would like to connect with Docker commands. On my Debian server, I did this:

Docker image connection to server command

We need to connect to this hub to push our image. Here, I will connect with the same account that I used to create my repository, admin:

Change the URL to yours.

If you have the following error, do the following workaround:

Ubuntu command

Ubuntu command

Now, to continue, we need to tag the image. Use the following command:

tag image command

We can now push our image to our repository that we previously created:

image pushing to repository command

The sending is done:

Docker Trusted Registry admin folder

Deploy theFloAppWebsite image

We will now create a container from this image. To start, you need to download the image from our account. In the UCP, navigate to Images and click on Pull image:

Docker UCP

Provide the name of your image, in my case dlbpiplabel.westeurope.cloudapp.azure.com/admin/floappwebsite, and click on Pull:

Pull image

After few seconds (depending on your image size), you will be able to see her in the list of available images:

Docker UCP

Go now in Containers and click on Deploy Container. Give a name to your image and adapt parameters to your need:

Docker Container basic settings

Docker Container network settings

Click on Run Container:

Docker Container settings

After few seconds, you have your new container:

Docker UCP

If you click on the container you will be able to see which port is used, in the Network part:

Docker UCP

To test that everything is working fine, I deployed a VM on the same subnet that UCP nodes and I navigated to the IP and port provided before:

Docker welcome page

This new is perfect if you want a Docker environment and that you can’t run it in your datacenter 🙂

Found Florent’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!