Friday, February 10, 2017

How to setup Docker Universal Control Plane (UCP) - DDC / DTR - AIO on VirtualBox VM w/ Swift ( Object Storage )

This post documents setting up DDC/DTR in a single VirtualBox VM for testing purposes. The installation includes Docker Universal Control Plane (UCP) and Docker Trusted Registry (DTR), with the DTR storage backend configured to use Swift. The steps may differ slightly from the official Docker documentation, but if you follow them you should be able to reproduce the whole setup.

===Create a VirtualBox VM===

Build an Ubuntu Server VM ( e.g. 16.04 ).

You need two NICs.

1. 1st NIC ( NAT )
PS: I use port forwarding to allow me to ssh into the VM
2. 2nd NIC ( Host-only Adapter )

===Preparation===

1. DNS configuration 
$ vi /etc/hosts

e.g.: this is just an example, but you should make sure the Swift cluster nodes can resolve the DDC/DTR node's DNS name ( or IP )

$ cat /etc/hosts
127.0.0.1        localhost
192.168.99.101        ddc.xxx.idv        ddc

2. Network Config 

# enp0s3
NAT
# enp0s8
Host-only Adapter on vboxnet0

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:85:29:64 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe85:2964/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:3c:a6:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.101/24 brd 192.168.99.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe3c:a6c4/64 scope link
       valid_lft forever preferred_lft forever


===Setup DDC / DTR===
1. # install docker engine
$ apt-get update && apt-get install docker-engine


2. # install UCP
$ docker run --rm -it --name ucp   -v /var/run/docker.sock:/var/run/docker.sock   docker/ucp install --host-address 192.168.99.101 --controller-port 444 --interactive

# remove ucp ( if you would like to wipe out ucp installation )
docker run --rm -it   -v /var/run/docker.sock:/var/run/docker.sock   --name ucp   docker/ucp uninstall-ucp --interactive

3. # install DTR
docker run -it --rm docker/dtr install --ucp-node ubuntuddc --ucp-insecure-tls

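PS: This sets DTR up on the default port 443. Running DDC and DTR on the same node is tricky: you need to give port 444 to DDC and 443 to DTR to avoid a port conflict. Note that --ucp-insecure-tls disables TLS verification for the connection to UCP, which fits a single-VM test setup like this one.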

# join replicas dtr to cluster ( if you want to have multiple DTRs )
docker run -it --rm docker/dtr join --ucp-node ubuntuddc --ucp-insecure-tls

===Double Check Credential===

# Before you docker pull or docker push an image,
# you might see an error message when you try docker login.

If you see this from Docker:
$ docker login <dtr-domain-name>
x509: certificate signed by unknown authority

Configure your host
Ubuntu/ Debian
# Download the DTR CA certificate

Thus I did this
 -o /usr/local/share/ca-certificates/ddc.xxx.idv.crt


# Refresh the list of certificates to trust
$ sudo update-ca-certificates
# Restart the Docker daemon
$ sudo service docker restart

For example my VirtualBox IP is 192.168.99.101 ( DDC / DTR at same VM )
$ docker login 192.168.99.101
Username: admin
Password:
Login Succeeded
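
The steps above add the DTR CA to the system-wide trust store, so every program that uses that store will accept certificates it signs. As an added example (not from the original post), this script checks the downloaded file's SHA-256 fingerprint against a value obtained out of band and then installs it only under Docker's per-registry directory /etc/docker/certs.d/<registry>/ca.crt. The function names, the script name in the usage comment and the way the expected fingerprint is obtained are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
set -eu

# Print the SHA-256 (lowercase hex) of the DER bytes of the first certificate
# in a PEM file: the digest `openssl x509 -noout -fingerprint -sha256` shows,
# without the colons.
pem_sha256() (
  body=$(awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
              /-----END CERTIFICATE-----/   {exit}
              on' "$1" | tr -d ' \r\n')
  [ -n "$body" ] || { echo "no certificate found in $1" >&2; exit 2; }
  # Reject a body that is not valid base64 before hashing it.
  printf '%s' "$body" | base64 -d > /dev/null 2>&1 || exit 2
  printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
)

# install_registry_ca <pem> <expected-sha256> <registry> [certs-root]
# Copies the CA to <certs-root>/<registry>/ca.crt only if its fingerprint
# matches the expected value (assumption: read directly on the DTR node).
install_registry_ca() (
  pem=$1 want=$2 registry=$3 root=${4:-/etc/docker/certs.d}
  # The registry becomes a directory name: refuse separators and dot-names.
  case $registry in
    ''|*/*|.*) echo "bad registry name: $registry" >&2; exit 2 ;;
  esac
  # Accept both "AB:CD:..." and "abcd..." forms of the fingerprint.
  want=$(printf '%s' "$want" | tr -d ': ' | tr 'A-F' 'a-f')
  got=$(pem_sha256 "$pem") || exit 2
  if [ "$got" != "$want" ]; then
    echo "fingerprint mismatch for $pem: got $got" >&2
    exit 1
  fi
  install -d -m 755 "$root/$registry" &&
    install -m 644 "$pem" "$root/$registry/ca.crt"
)

# Usage: sudo sh trust-dtr-ca.sh ddc.xxx.idv.crt <sha256> 192.168.99.101
if [ "$#" -ge 3 ]; then
  install_registry_ca "$@"
fi
```

With the CA installed this way, only connections from the Docker daemon to that one registry trust it, and nothing is added under /usr/local/share/ca-certificates.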

===Configure in DTR Portal===
Go to Settings and open the Storage tab.

Configure your Swift credentials.

===Create Image Repository===
Go to Repository and create a repository. "Repository = Docker Image": it's a 1-to-1 mapping, as I found after trial and error a couple of times.

PS: the registry name has to match your image name

Tag your image according to the DTR repository setting ( PS: you have to have the image first; otherwise you will need $ docker pull busybox )

$ docker tag busybox 192.168.99.101/admin/busybox

Push Image to DTR Repository
$ docker push 192.168.99.101/admin/busybox
The push refers to a repository [192.168.99.101/admin/busybox]
38ac8d0f5bb3: Pushed
latest: digest: sha256:817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e size: 527

===Double Check on DTR===
Then Double Check in DTR, then you can see the tag, manifest … etc

===Double Check in Swift===

