Nowadays containers are a hot topic for IT. Docker is currently one of the most popular ways to create and consume containers. If you want to get your feet wet with Docker, you can easily do that with Fedora. Part of the process is deploying a Docker image to a registry. You can use OpenShift to do this. Amazingly, you don’t even need to use an online service (free or not) to experiment with the process.
This document covers the initial steps to play with Docker and OpenShift on your own system.
Prerequisites
How to install Docker in Fedora, run these commands:
sudo dnf -y install docker sudo systemctl enable docker
For more information on these steps, refer the Fedora Developer portal.
Next, install OpenShift:
sudo dnf -y install origin docker-registry
Configuring Docker to use OpenShift
To run OpenShift together with Docker, modify the /etc/sysconfig/docker file.
One way to do this is to allow the INSECURE_REGISTRY option and add the IP address used by OpenShift. This tells Docker to disregard security for your registry. Although it’s easy to configure the daemon this way, it’s insecure. If you run the Docker daemon or set up a registry for anything other than personal testing, this process is not recommended.
$ cat /etc/sysconfig/docker | grep INSECURE # adding the registry to the INSECURE_REGISTRY line and uncommenting it. INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'
Enabling Docker in systemd
To enable the Docker daemon, run these commands:
sudo systemctl daemon-reload sudo systemctl restart docker
Docker should start running. Check its status with systemctl:
sudo systemctl status docker
You should see similar results to this:
● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2016-11-07 15:11:41 CET; 20s ago Docs: http://docs.docker.com Main PID: 2769 (docker-current) Tasks: 9 CGroup: /system.slice/docker.service └─2769 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --insecure-registry 172.30.0.0 Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.310721481+01:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\"" Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.314271045+01:00" level=info msg="Graph migration to content-addressability took 0.00 seconds" Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.327088702+01:00" level=info msg="Firewalld running: true" Nov 08 14:01:20 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:20.780845664+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937088251+01:00" level=info msg="Loading containers: start." Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937291016+01:00" level=info msg="Loading containers: done." Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937406091+01:00" level=info msg="Daemon has completed initialization" Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937513606+01:00" level=info msg="Docker daemon" commit="e03ddb8/1.10.3" execdriver=native-0.2 graphdrive Nov 08 14:01:21 localhost.localdomain systemd[1]: Started Docker Application Container Engine. Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.956150356+01:00" level=info msg="API listen on /var/run/docker.sock"
Starting OpenShift
To start OpenShift, run this command:
sudo oc cluster up
You should see results simliar to this:
-- Checking OpenShift client ... OK -- Checking Docker client ... OK -- Checking Docker version ... OK -- Checking for existing OpenShift container ... OK -- Checking for openshift/origin:v1.3.1 image ... OK -- Checking Docker daemon configuration ... OK -- Checking for available ports ... WARNING: Binding DNS on port 8053 instead of 53, which may be not be resolvable from all clients. -- Checking type of volume mount ... Using nsenter mounter for OpenShift volumes -- Creating host directories ... OK -- Finding server IP ... Using 10.34.4.161 as the server IP -- Starting OpenShift container ... Creating initial OpenShift configuration Starting OpenShift using container 'origin' Waiting for API server to start listening OpenShift server started -- Installing registry ... OK -- Installing router ... OK -- Importing image streams ... OK -- Importing templates ... OK -- Login to server ... OK -- Creating initial project "myproject" ... OK -- Server Information ... OpenShift server started. The server is accessible via web console at: https://10.34.4.161:8443 You are logged in as: User: developer Password: developer
To login as administrator, run this command:
oc login -u system -p admin
Use the default server and an insecure connection. (Use these options for further logins as well.) Now, both Docker and OpenShift are properly installed and running.
Creating a docker image
Let’s create a simple “helloworld” container. First create a directory called docker-hello-world:
mkdir ~/docker-hello-world cd ~/docker-hello-world/
Now create a file called Dockerfile in the directory with the following content:
FROM fedora:24 MAINTAINER "Petr Hracek" phracek@redhat.com CMD [ "/bin/echo" "hello world" ]
Building an image
To build a helloworld docker container, run this command:
sudo docker build -t helloworld:0.1 .
The output should be similar to this:
Sending build context to Docker daemon 2.048 kB Step 1 : FROM fedora:24 Trying to pull repository docker.io/library/fedora ... 24: Pulling from docker.io/library/fedora 2bf01635e2a0: Pull complete Digest: sha256:64a02df6aac27d1200c2572fe4b9949f1970d05f74d367ce4af994ba5dc3669e Status: Downloaded newer image for docker.io/fedora:24 ---> 11a5107645d4 Step 2 : MAINTAINER "Petr Hracek" phracek@redhat.com ---> Running in 5eb304ac9b65 ---> 7b1559495b5e Removing intermediate container 5eb304ac9b65 Step 3 : CMD /bin/echo 'hello world' ---> Running in 9cafe8c3e6af ---> 92282096ce32 Removing intermediate container 9cafe8c3e6af Successfully built 92282096ce32
At the end you should see the build was successful. In case of trouble, refer to this handy best practice documentation.
Tagging an image to a local repository
To get the IMAGE ID, run this command in your local docker repository:
sudo docker images
The output should be similar to this:
REPOSITORY TAG IMAGE ID CREATED SIZE helloworld 0.1 92282096ce32 8 minutes ago 204.4 MB docker.io/openshift/origin-deployer v1.3.0 5bf464732ca8 7 weeks ago 487.1 MB docker.io/openshift/origin-docker-registry v1.3.0 59d447094a3c 7 weeks ago 345.5 MB docker.io/openshift/origin-haproxy-router v1.3.0 e33d4e33dffb 7 weeks ago 506.2 MB docker.io/openshift/origin v1.3.0 7b24611e640f 7 weeks ago 487.1 MB docker.io/openshift/origin-pod v1.3.0 35873f68181d 7 weeks ago 1.591 MB docker.io/fedora 24 11a5107645d4 12 weeks ago 204.4 MB
Now, tag the docker image and push it to the local repository, using the IMAGE ID from your output:
sudo docker tag 92282096ce32 localhost.localdomain:5000/my-helloworld
Verify the helloworld container is tagged in your local docker repository. The IMAGE ID tags must be the same.
sudo docker images
Output:
REPOSITORY TAG IMAGE ID CREATED SIZE helloworld 0.1 92282096ce32 12 minutes ago 204.4 MB localhost.localdomain:5000/my-helloworld latest 92282096ce32 12 minutes ago 204.4 MB docker.io/openshift/origin-deployer v1.3.0 5bf464732ca8 7 weeks ago 487.1 MB docker.io/openshift/origin-docker-registry v1.3.0 59d447094a3c 7 weeks ago 345.5 MB docker.io/openshift/origin-haproxy-router v1.3.0 e33d4e33dffb 7 weeks ago 506.2 MB docker.io/openshift/origin v1.3.0 7b24611e640f 7 weeks ago 487.1 MB docker.io/openshift/origin-pod v1.3.0 35873f68181d 7 weeks ago 1.591 MB docker.io/fedora 24 11a5107645d4 12 weeks ago 204.4 MB
Adding a docker image to OpenShift
You can use either of these two approaches to get a Docker image into OpenShift.
Add to OpenShift as an image
First, login to your OpenShift repository as developer and enter the password developer. You got the password earlier from the oc cluster up command.
sudo oc login -u developer
Then run this command:
sudo oc new-app helloworld:latest
Add to OpenShift docker-registry
You can access OpenShift Origin’s internal registry directly to push or pull images. This is helpful in order to create an image stream by manually pushing an image, or just to docker pull an image directly.
Two steps are required before adding a docker image to OpenShift. The first is to login with the username/password pair system:admin and the second is to get a registry IP, which is mandatory.
Login with this command:
sudo oc login -u system -p admin
To verify you’re logged in on the OpenShift instance, run this command:
sudo oc whoami
You should see:
system:admin
To get a docker-registry IP, run this command:
sudo oc get svc -n default | grep docker-registry
The output should be similar to this:
docker-registry 172.30.210.244 <none> 5000/TCP 38m
Now, login as developer:
sudo oc login -u developer
To push a local docker image to the Origin docker-registry, run this command:
sudo docker login -u developer -p $(sudo oc whoami -t) -e <email> 172.30.210.244:5000
Now, let’s tag the docker image:
sudo docker tag localhost.localdomain:5000/my-helloworld 172.30.210.244:5000/myproject/my-helloworld
To push the docker image to the OpenShift docker-registry, run:
sudo docker push 172.30.210.244:5000/myproject/my-helloworld
To verify the previous task was successful, run:
sudo oc get is
The output should look like this:
NAME DOCKER REPO TAGS UPDATED my-helloworld 172.30.210.244:5000/myproject/my-helloworld latest 5 seconds ago
To deploy your docker image on OpenShift, run:
sudo oc new-app my-helloworld:latest --name=my-helloworld
Deleting an image from the OpenShift project
To delete an image from the Openshift project called myproject, run this command:
sudo oc delete dc my-helloworld -n myproject
Storing a verified container image
If you verified a container image and you would like to share it, create a Pull Request in the container-images Github repository.
Further reading
For more information, check out GitHub – openshift/origin: Enterprise-Ready Kubernetes for Developers.
Rayan
what’s openshift?
is it external repository?
explain please
Paul W. Frields
@Rayan: https://www.openshift.com/about/ — it’s a Platform as a Service (PaaS) system. The origin package has a fully free and open source implementation you can use on Fedora.
Jaša Bartelj
@Rayan A very good introductory webinar and demo by a Red Hat developer using OpenShift can be found at https://vts.inxpo.com/Launch/Event.htm?ShowKey=35254
The site does require Flash, though.
Marc
When I tried this out on Fedora 25, I found that /etc/resolv.conf was missing, and openshift would not start. I’m not sure of the correct way to fix this, but I copied the file from /usr/lib/systemd/resolv.conf, knowing that it will probably be overwritten at reboot. At least it allowed openshift to start up.
Tomáš
Please don’t install package docker-registry, that’s deprecated for quite some time. Otherwise pretty nice writeup.
jason
Its worth noting that Openshift Origin extends and uses kubernetes under the hood which you can run locally as well with minikube:
https://github.com/kubernetes/minikube