Prerequisites to installing Docker UCP
The following pre-requisites are for UCP v 0.5 (beta). Some of these could change once UCP hits GA, but it is quite unlikely.
- Linux kernel 3.16 or later. (Older kernel versions will work with UCP, but >=3.16 is required if you want to leverage docker's uber cool multi host networking capabilities.)
- Docker version >=1.9 pre-installed on all nodes (Recommend that at least 2 nodes are available)
- Account on Docker Hub (Create an account at https://hub.docker.com/ if you do not have one)
- Access to super user mode (sudo or root)
- (Ability to) Open firewall ports (incoming into the UCP master: 443, 2376, 12376, 12379, 12380, 12381, 12382)
Default installation
Let's make one of the nodes as the UCP server / master. The other(s) would be the agent(s) or slave(s). UCP uses swarm under the hood, so the concept is the same as the "swarm manager" and the "swarm joined nodes", if you're familiar with swarm. Installation involves installation and configuration of UCP components on both sets of nodes. Ideally in a production setup a configuration management engine such as Puppet/Chef would be leveraged to automate this task.
To perform the installation manually, follow the steps below: On one of the node (preferably the beefier one, which has nothing else other than default OS and related utilities installed), run this command.
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --name ucp dockerorca/ucp install -i
You'll be prompted for additional information:
Unable to find image 'dockerorca/ucp:latest' locally
latest: Pulling from dockerorca/ucp
f08f7de64c4e: Pull complete
87a6bbaf1f90: Pull complete
Digest: sha256:ed7e723c1a42d0b09b3b7e2743dd61543140363c6aa18c5ea9856fca823f3be8
Status: Downloaded newer image for dockerorca/ucp:latest
INFO[0000] Verifying your system is compatible with UCP
Please choose your initial Orca admin password:
Confirm your initial password:
INFO[0010] Pulling required images
Please enter your Docker Hub username: anoop
Please enter your Docker Hub password:
Please enter your Docker Hub e-mail address: xxxanoop@xxl.com
INFO[0044] Pulling required images
WARN[0055] None of the hostnames we'll be using in the UCP certificates [ip-172-31-39-14 127.0.0.1 172.17.0.1 172.31.39.14] contain a domain component. Your generated certs may fail TLS validation unless you only use one of these shortnames or IPs to connect. You can use the --san flag to add more aliases
You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases: ec2-xx-xx-115-5.compute-1.amazonaws.com
INFO[0065] Installing UCP with host address 172.31.39.14 - If this is incorrect, please use the '--host-address' flag to specify a different address
INFO[0003] Generating Swarm Root CA
INFO[0015] Generating UCP Root CA
INFO[0017] Deploying UCP Containers
INFO[0023] UCP instance ID: 4F5R:LFCQ:LPTF:XOCL:G3L4:JEVR:LUIP:RZDW:42U6:3ZBE:PLN2:IEDG
INFO[0023] UCP Server SSL: SHA1 Fingerprint=81:A0:50:E6:39:EC:A1:34:D9:95:CD:F3:42:C7:68:9B:FD:57:69:36
INFO[0023] Login as "admin"/(your admin password) to UCP at https://172.31.39.14:443
If, like me, you love to see what's going on under the hood or in the event you need to troubleshoot issues, add the --debug flag like below:
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --name ucp dockerorca/ucp install -i --debug
Re-installing (when things go wrong or just for the heck of it)
If you want to reinstall UCP there are two ways to do that. The automated way is to just run the command below:
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --name ucp dockerorca/ucp install -i --fresh-install
The --fresh-install flag will ensure that the environment is cleaned of all ucp related containers, images and volumes.
You could do the same manually using the commands below (warning: this may delete data, use at your own risk)
docker rm -f $(docker ps -qa) && docker rmi -f $(docker images -qa) && docker volume rm $(docker volume ls -q)
And then use the same command as above to re-run with install -i.
Uninstalling
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --name ucp dockerorca/ucp uninstall
External CA
In many large & federal organizations, it is expected that they have an in-house Certificate Authority and issue organizational CA-signed certificates. In such cases, it may be necessary to integrate UCP with the the external certificates as opposed to the default mode where the UCP server generates its own self-signed certificates. Read more...