Setting Up Docker Enterprise with Universal Control Plane and Trusted Registry

Note: Perform the following steps on all three servers:

1. Start a free trial for Docker EE:

If you don't have a Docker EE trial already started, then launch one here: https://hub.docker.com/editions/enterprise/docker-ee-trial. This free trial lasts up to a month, but another one can be started right after it expires.

1. Go to https://hub.docker.com/my-content and retrieve a unique URL for Docker EE.

2. Click Setup.

3. Copy the URL generated for Docker EE.

4. Set a few environment variables. Ensure that the unique URL generated for Docker EE is also used here:

DOCKER_EE_URL=<YOUR_DOCKER_EE_URL> 
DOCKER_EE_VERSION=18.09

1. Verify that the required packages install successfully:

sudo apt-get install -y 
    apt-transport-https 
    ca-certificates 
    curl 
    software-properties-common

1. Add the gpg key and repository using the unique URL for Docker EE:

curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -

sudo add-apt-repository 
   "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu 
   $(lsb_release -cs) 
   stable-$DOCKER_EE_VERSION"

1. Install Docker EE:

sudo apt-get update

sudo apt-get install -y docker-ee=5:18.09.4~3-0~ubuntu-bionic

1. Apply cloud_user access to run the Docker commands:

sudo usermod -a -G docker cloud_user

Log out and log back in again.

1. Test the Docker EE installation to verify that it's working:

docker version

Note: Perform the following steps on the UCP manager server:

1. Pull the UCP image:

docker image pull docker/ucp:3.1.5

1. Set an environment variable to the private IP address of the UCP manager server:

PRIVATE_IP=10.0.1.101

1. Use the UCP image for the installation:

docker container run --rm -it --name ucp 
  -v /var/run/docker.sock:/var/run/docker.sock 
  docker/ucp:3.1.5 install 
  --host-address $PRIVATE_IP 
  --interactive

1. Enter new admin credentials when prompted, and then take note of them as we will need them later on in this lab.

2. Once the installation completes, a prompt will appear for additional aliases, press Enter to select the default.

3. In a web browser go to: https://[UCP manager Public IP] for accessing the UCP manager.

Note: A warning about the self-signed certificate's validity may emerge. This notification can be disregarded, for example, in Google Chrome click Advanced, and then click Proceed to bypass it.

1. Use the admin credentials that were created during the initial setup process to log in.

2. A prompt will appear asking for a license file. Keep the UCP tab open and use a new tab to download the license.

3. Go to the Docker site: https://hub.docker.com/my-content to retrieve the license file.

4. Click Setup.

5. Under the Resources section, click License Key to download the required license file.

6. Click Upload License.

7. Return to UCP manager in a web browser and insert the license file that was obtained from Docker Hub.

1. Navigate back to the UCP manager interface in a web browser to retrieve the worker join command. We will also generate a docker swarm join command that can be copied.
2. Click Shared Resources.
3. Click Nodes.
4. Click Add Node.
5. Apply the following values on the Add Node page:
   • Node type: Linux
   • Node role: Worker
6. Run the join command on both of the worker nodes.
7. Copy the docker swarm join command obtained from the UCP manager and run it on both of the worker nodes.

Get the DTR setup command from the UCP manager by performing the following steps:

1. Access the UCP manager from a web browser.
2. Click Admin > Admin Settings.
3. Click Docker Trusted Registry.
4. On the Admin Settings page locate the UCP Node section.
5. Click ip-10-0-1-102.
6. Click the checkbox labeled Disable TLS verification for UCP.
7. The UCP page will generate a docker run command that can be copied.

Note: To run the setup command, we need to modify the command provided by the UCP manager.

1. In the line with the flag --ucp-url, we will see the public IP of the UCP manager. With a text editor, such as https://www.editpad.org/, replace the public IP with the UCP manager private IP 10.0.1.101.

2. Paste and run the modified command on the DTR worker server.

3. When prompted for the ucp-password, enter the admin password that was created when we set up the UCP manager.

4. Access DTR from a web browser by entering: https://DTR_WORKER_PUBLIC_IP.

Note: A warning about the self-signed certificate's validity may emerge. This notification can be disregarded, for example, in Google Chrome click Advanced, and then click Proceed to bypass it.

Use the same admin credentials that we created when setting up the UCP manager to log in.