Docker: Docker Datacenter in Azure

Posted by Florent Appointaire on June 24, 2016
Share on Facebook0Share on Google+0Share on LinkedIn4Share on Reddit0Tweet about this on Twitter0
5/5 (1)


Docker Datacenter on Azure and AWS has been announced on Tuesday 21st, June 2016 at the DockerCon.

Docker Datacenter, what it is?

Docker Datacenter will give you the possibility to have, in your datacenter or in the Cloud, you own Docker environment, like the official release, like management interfaces, repository, etc.

The architecture that will be deployed on is the following:Docker Datacenter Architecture

The full documentation is available here.


Before starting, be sure to have a license for Docker Datacenter:

On Azure, it’s very simple to deploy this solution, with an ARM template. To do this, connect on et click on New. Search Docker in the Marketplace and select Docker Datacenter:

Microsoft Azure

Choose a username, a password or a SSH key that will be used for each VM and a resource group:

Microsoft Azure

Choose a prefix name for each resource and after, select the VM size for VM that will be created. Create a new network with 2 subnets, one for controllers and node and one other for Docker Trusted Registry (DTR):

Microsoft Azure

Create a public IP for the node load-balancer and another one for the DTR. Associate a public DNS name to each. Finally, choose a password for the Universal Control Plane (UCP) administrator and select the key that you get before:

Microsoft Azure

Verify that all information is correct:

Microsoft Azure

By clicking on Purchase, you accept licenses and the deployment is starting:

Microsoft Azure

The deployment took 20 minutes for me:

Microsoft Azure

Discover and configuration

Open a browser and navigate to the UCP URL, in my case


Connect with the username admin and use the password that you chose during the deployment. If the authentication is good, you will see the dashboard:

Docker dashboard

On this interface, you will be able to:

  • Manage applications
  • Manage containers
  • Manage nodes
  • Manage volumes
  • Manage network
  • Manage images

And manage users and some parameters.

Security of the registry

Before starting the publishing in the registry and deploying containers, we need to secure the environment to secure communication between UCP and DTR.

To start, connect in SSH to your UCP node:

PuTTY Configuration


Ubuntu console

Execute the following command:

sudo docker run –rm –name ucp -v /var/run/docker.sock:/var/run/docker.sock docker/ucp dump-certs –cluster –ca

After downloading the uc-dump-certs image and created a new container, you will normally see a result like this:

Ubuntu console

Copy the result in a file on your desktop and name it ucp-cluster-ca.pem. Connect to your DTR, for me it’s


Connect with the username admin and the same password that for the UCP (the database is the same). Go to Settings and in the Domain part, click on Show TLS Settings. Copy the contents of the TLS CA part in a file on your desktop named dtr-ca.pem:

Docker Universal Control Plane

Go on your UCP interface, inSettings > DTR and provide the URL of your registry. Select the dtr-ca.pem certificate and click on Update Registry:

Docker Universal Control Plane

Now, you need to trust the UCP CA from the DTR. In the DTR interface, in Settings, paste the content of the ucp-cluster-ca.pem certificate, in Auth ByPass TLS Root CA and save:

Docker Trusted Registry

You need to copy the file dtr-ca.pem on each node in the UCP (7 by default). I used the first server to connect to others, in SSH (otherwise, you can deploy a gateway in the same range with windows server for example). I executed the following command:

sudo su –
mkdir /etc/docker/certs.d/
mkdir /etc/docker/certs.d/
vi /etc/docker/certs.d/

Paste the result of the file dtr-ca.pem. Restart the Docker service with the following command:

service docker restart

Ubuntu console

Storage update to store image in the DTR

To store your images in your Docker repository, you will need a storage account. I will continue in Azure, to create my storage account on it:

Microsoft Azure

Get the storage account name and the primary key:

Microsoft Azure

In the DTR interface, navigate to Settings > Storage and choose Azure. Provide information that you get before:

The Docker Interface

New image in the DTR

We will now push our first image in the DTR, to be able to deploy containers from this image. Connect to your DTR interface if it’s not already done and click on New repository to create a new repository:

The Docker Trusted Registry

Fill in each fields and click on Save:

Docker Trusted Registry

We will push an image on this repository. I created an image that will execute a website (running on nginx) with a custom HTML page, with the following Dockerfile (sources are here:

FROM nginx
COPY index.html /usr/share/nginx/html/

Execute the following command to build your image:

docker build –t floapp-website 

Ubuntu console

Copy the certificate drt-ca.pem on the server where you would like to connect with Docker commands. On my Debian server, I did this:

Ubuntu console

We need to connect to this hub to push our image. Here, I will connect with the same account that I used to create my repository, admin:

docker login

Change the URL by yours.

If you have the following error, do the following workaround:

Ubuntu console

vi /lib/systemd/system/docker.service
#Remplacez ExecStart=/usr/bin/docker daemon -H fd:// par la ligne suivante
ExecStart=/usr/bin/docker daemon -H fd:// –insecure-registry
systemctl daemon-reload
service docker restart
ps aux | grep docker

Ubuntu console

Now, to continue, we need to tag the image. Use the following command:

docker tag floapp-website:latest

Ubuntu console

We can now push our image to our repository that we previously created:

docker push

Ubuntu console

The sending is done:

Docker Trusted Registry

Deploy theFloAppWebsite image

We will now create a container from this image. To start, you need to download the image on our account. In the UCP, navigate to Images and click on Pull image:

Docker UCP

Provide the name of your image, in my case, and click on Pull:

Pull image

After few seconds (depending on your image size), you will be able to see her in the list of available images:

Docker UCP

Go now in Containers and click on Deploy Container. Give a name to your image and adapt parameters on your need:

Container settings


Container settings

Click on Run Container:

Container settings

After few seconds, you have your new container:

Docker UCP

If you click on the container you will be able to see which port is used, in the Network part:

Docker UCP

To test that everything is working fine, I deployed a VM on the same subnet that UCP nodes and I navigated to the IP and port provided before:

Docker welcome page

This new is perfect if you want a Docker environment and that you can’t run it in your datacenter 🙂

Related materials:

Views All Time
Views Today

Please rate this

To download the software products, please, make your choice below. An installer link and a license key will be sent to the e-mail address you’ve specified. If you consider StarWind Virtual SAN but are uncertain of the version, please check the following document Free vs. Paid. The recent build of Release Notes. A totally unrestricted NFR (Not For Resale) version of StarWind Virtual SAN is available for certain use cases. Learn more details here.

Return to all posts

Windows 2016 Makes a 100% In Box High Performance VDI Solution a Realistic Option
The Windows Server 2016 Application Platform – Nano Server, Containers and DevOps
The following two tabs change content below.
Florent Appointaire
Florent Appointaire is Microsoft Engineer with 5 years of experience, specialized in Cloud Technologies (Public/Hybrid/Private). He is a freelance consultant in Belgium from the beginning of 2017. He is MVP Cloud and Datacentre Management. He is MCSE Private Cloud and Hyper-V certified. His favorite products are SCVMM, SCOM, Windows Azure pack/Azure Stack and Microsoft Azure.