Docker Trusted Trusted Registry(DTR) Installation and Replication To Install Docker Trusted Registry(DTR), we need to install Universal Control Plane (UCP), since DTR runs on a UCP. Further to install UCP, Docker C !ngine o" #.#$ or a%ove is re&uired.
Installing Docker C !ngine #.#$' dding dding Docker *u%lic key "or C *ackages $ sudo rpm --import " https://sks-keyservers. https://sks-keyservers.net/pks/lookup? net/pks/lookup? op=get&search=0xeed!c#dc% op=get&sear ch=0xeed!c#dc%edd!#!'a(%a edd!#!'a(%acc%#!e cc%#!e". ".
Installing yu+utils $ sudo yum install -y yum-utils
dding the docker Re*ository $sudo yum-con#ig-manager --add-repo https://packages.docker.com/(.(0/yum/repo/main/centos/
Installing docker C !ngine $sudo yum install docker-engine
!na%ling the docker dae+on service and starting it $ sudo systemctl ena)le docker.service $ sudo systemctl start docker.service
-ote' "ter installing installing the Docker "lush the i*ta%les, i*ta%les, so that all all the re&uired *orts "or installing installing UCP are o*ened. $ipta)les -*
Installing Universal Control Plane (UCP) "ter installing the docker, UCP can %e installed %y using the docker/ucp I+age, which can %e *ulled "ro+ the Docker /u%. This I+age has the co++ands to run,con"igure, and %acku* UCP. 0y using "docker/ucp install we can install the UCP. "
$docker run --rm -it --name ucp + -v /var/run/docker.sock:/var/run/docker.sock + docker/ucp install -i + --host-address (0.(0%.((%.(,.
1nce the installation is co+*leted we can check the UCP we% a**lication is running. https://(0.(0%.((%.(, . ote: 1nce installing the UCP restart the docker service at this *oint.
Installing Docker Trusted Registry (DTR) Docker UCP secures the uc* cluster with role%ased access control, so that only authori2ed users can *er"or+ changes to the cluster. o, when running docker co++ands on a UCP node, you need to authenticate re&uest using client certi"icates. These certi"icates can %e i+*orted "ro+ the UCP Client 0undle. To download a client certi"icate %undle, log into UCP , and navigate to your profile page.
3e can get the certi"icates used %y UCP %y' $curl -k https://(0.(0%.((%.(,/ca ucp-ca.pem
ince UCP considers DTR as a node, "irst add a DTR node in UCP and then install the DTR(in the DTR server) dding the UCP -ode' -avigate to odes in UCP we% a**lication and click ode, which gives a co++and to 4oin the DTR node with UCP
Run the a%ove 4oin co++and in the server which we need to install DTR (%e"ore running the DTR install Co++and) $curl -k https://(0.(0%.((%.(,/ca ucp-ca.pem $docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock docker/ucp 1oin + --admin-username admin + --interactive + --url https://(0.(0%.((%.(, + --#ingerprint %:%!:2:,:':%!:*:':30:*:*:%:%:4':0:3,:%':(:(3::%':!:0:%: '::*0::30:(%:(:* ote:t this *oint restart the docker service.
"ter success"ully runnig the 4oin co++and we can see the node which we need to 4oin to uc* under the 526 section o" uc* we% a**lication.
"ter adding the node in uc* we can install DTR using 78 9nstall Co++and $docker run -it --rm + docker/dtr install + --ucp-url https://(0.(0%.((%.(, + --ucp-node dtrs)(.sdo.marriott.com + --dtr-external-url (0.(0%.((%.(( + --ucp-username admin --ucp-passord ;ork,ls + --ucp-ca "$
1nce the DTR installation is done success"ully, DTR a**lication will %e listed in a**lications section o" UCP with a replica 9.
3e can access DTR through it5s IP or hostna+e ( https://(0.(0%.((%.(()
t this *oint Installation o" DTR is co+*leted.
Docker Trusted Registry Re*lication' To set u* DTR "or high availa)ility, we can add +ore re*licas to DTR cluster. dding +ore re*licas allows to load%alance re&uests across all re*licas, and kee* DTR working i" a re*lica "ails. s a re*lica is nothing %ut a co*y o" the DTR (-ode#), as si+ilar to the DTR# we need to create a new node in uc* and then 4oin the -ew DTR Re*lica (-ode6) to the e7isting one using the docker/dtr 1oin co++and.
curl -k https://(0.(0%.((%.(,/ca ucp-ca.pem $docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock docker/ucp 1oin + --admin-username admin + --interactive + --url https://(0.(0%.((%.(, + --#ingerprint %:%!:2:,:':%!:*:':30:*:*:%:%:4':0:3,:%':(:(3::%':!:0:%: '::*0::30:(%:(:*
ote:t this *oint restart the docker service.
"ter adding the node in uc* we can 8oin theDTR re*lica to the already e7isting DTR using 78 1oin Co++and docker run it r+ 9 docker:dtr 4oin 9 uc*url htt*s'::#$.#$;.##;.6#< 9 uc*node dtrs%6.sdo.+arriott.co+ 9 e7istingre*licaid =ca=c>e6>%%$ 9 uc*userna+e ad+in uc**assword 3ork<6ls 9 uc*ca ?(cat uc*ca.*e+)
1nce the Relica is 4oined success"ully, DTR Re*lica will %e listed in a**lications section o" UCP with a new replica 9.
3e can access DTR Relica through it5s IP or hostna+e (https://(0.(0%.((%.(() which indeed *oints out to DTR -ode#
t this *oint one DTR Re*lica is created. In the si+ilar way +any nu+%er o" DTR Re*lica5s can %e added to the Cluster.
