Experimenting with Docker and OpenShift

Nowadays containers are a hot topic for IT. Docker is currently one of the most popular ways to create and consume containers. If you want to get your feet wet with Docker, you can easily do that with Fedora. Part of the process is deploying a Docker image to a registry. You can use OpenShift to do this. Amazingly, you don’t even need to use an online service (free or not) to experiment with the process.

This document covers the initial steps to play with Docker and OpenShift on your own system.

Prerequisites

How to install Docker in Fedora, run these commands:

sudo dnf -y install docker
sudo systemctl enable docker

For more information on these steps, refer the Fedora Developer portal.

Next, install OpenShift:

sudo dnf -y install origin docker-registry

Configuring Docker to use OpenShift

To run OpenShift together with Docker, modify the /etc/sysconfig/docker file.

One way to do this is to allow the INSECURE_REGISTRY option and add the IP address used by OpenShift. This tells Docker to disregard security for your registry. Although it’s easy to configure the daemon this way, it’s insecure. If you run the Docker daemon or set up a registry for anything other than personal testing, this process is not recommended.

$ cat /etc/sysconfig/docker | grep INSECURE
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'

Enabling Docker in systemd

To enable the Docker daemon, run these commands:

sudo systemctl daemon-reload
sudo systemctl restart docker

Docker should start running. Check its status with systemctl:

sudo systemctl status docker

You should see similar results to this:

● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2016-11-07 15:11:41 CET; 20s ago
Docs: http://docs.docker.com
Main PID: 2769 (docker-current)
Tasks: 9
CGroup: /system.slice/docker.service
└─2769 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --insecure-registry 172.30.0.0
Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.310721481+01:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.314271045+01:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.327088702+01:00" level=info msg="Firewalld running: true"
Nov 08 14:01:20 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:20.780845664+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16.
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937088251+01:00" level=info msg="Loading containers: start."
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937291016+01:00" level=info msg="Loading containers: done."
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937406091+01:00" level=info msg="Daemon has completed initialization"
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937513606+01:00" level=info msg="Docker daemon" commit="e03ddb8/1.10.3" execdriver=native-0.2 graphdrive
Nov 08 14:01:21 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.956150356+01:00" level=info msg="API listen on /var/run/docker.sock"

Starting OpenShift

To start OpenShift, run this command:

sudo oc cluster up

You should see results simliar to this:

-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... OK
-- Checking for existing OpenShift container ... OK
-- Checking for openshift/origin:v1.3.1 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ...
WARNING: Binding DNS on port 8053 instead of 53, which may be not be resolvable from all clients.
-- Checking type of volume mount ...
Using nsenter mounter for OpenShift volumes
-- Creating host directories ... OK
-- Finding server IP ...
Using 10.34.4.161 as the server IP
-- Starting OpenShift container ...
Creating initial OpenShift configuration
Starting OpenShift using container 'origin'
Waiting for API server to start listening
OpenShift server started
-- Installing registry ... OK
-- Installing router ... OK
-- Importing image streams ... OK
-- Importing templates ... OK
-- Login to server ... OK
-- Creating initial project "myproject" ... OK
-- Server Information ...
OpenShift server started.
The server is accessible via web console at:
https://10.34.4.161:8443
You are logged in as:
User:     developer
Password: developer

To login as administrator, run this command:

oc login -u system -p admin

Use the default server and an insecure connection. (Use these options for further logins as well.) Now, both Docker and OpenShift are properly installed and running.

Creating a docker image

Let’s create a simple “helloworld” container. First create a directory called docker-hello-world:

mkdir ~/docker-hello-world
cd ~/docker-hello-world/

Now create a file called Dockerfile in the directory with the following content:

FROM fedora:24
MAINTAINER "Petr Hracek" phracek@redhat.com
CMD [ "/bin/echo" "hello world" ]

Building an image

To build a helloworld docker container, run this command:

sudo docker build -t helloworld:0.1 .

The output should be similar to this:

Sending build context to Docker daemon 2.048 kB
Step 1 : FROM fedora:24
Trying to pull repository docker.io/library/fedora ...
24: Pulling from docker.io/library/fedora
2bf01635e2a0: Pull complete
Digest: sha256:64a02df6aac27d1200c2572fe4b9949f1970d05f74d367ce4af994ba5dc3669e
Status: Downloaded newer image for docker.io/fedora:24
---> 11a5107645d4
Step 2 : MAINTAINER "Petr Hracek" phracek@redhat.com
---> Running in 5eb304ac9b65
---> 7b1559495b5e
Removing intermediate container 5eb304ac9b65
Step 3 : CMD /bin/echo 'hello world'
---> Running in 9cafe8c3e6af
---> 92282096ce32
Removing intermediate container 9cafe8c3e6af
Successfully built 92282096ce32

At the end you should see the build was successful. In case of trouble, refer to this handy best practice documentation.

Tagging an image to a local repository

To get the IMAGE ID, run this command in your local docker repository:

sudo docker images

The output should be similar to this:

REPOSITORY                                   TAG                 IMAGE ID            CREATED             SIZE
helloworld                                   0.1                 92282096ce32        8 minutes ago       204.4 MB
docker.io/openshift/origin-deployer          v1.3.0              5bf464732ca8        7 weeks ago         487.1 MB
docker.io/openshift/origin-docker-registry   v1.3.0              59d447094a3c        7 weeks ago         345.5 MB
docker.io/openshift/origin-haproxy-router    v1.3.0              e33d4e33dffb        7 weeks ago         506.2 MB
docker.io/openshift/origin                   v1.3.0              7b24611e640f        7 weeks ago         487.1 MB
docker.io/openshift/origin-pod               v1.3.0              35873f68181d        7 weeks ago         1.591 MB
docker.io/fedora                             24                  11a5107645d4        12 weeks ago        204.4 MB

Now, tag the docker image and push it to the local repository, using the IMAGE ID from your output:

sudo docker tag 92282096ce32 localhost.localdomain:5000/my-helloworld

Verify the helloworld container is tagged in your local docker repository. The IMAGE ID tags must be the same.

sudo docker images

Output:

REPOSITORY                                   TAG                 IMAGE ID            CREATED             SIZE
helloworld                                   0.1                 92282096ce32        12 minutes ago      204.4 MB
localhost.localdomain:5000/my-helloworld     latest              92282096ce32        12 minutes ago      204.4 MB
docker.io/openshift/origin-deployer          v1.3.0              5bf464732ca8        7 weeks ago         487.1 MB
docker.io/openshift/origin-docker-registry   v1.3.0              59d447094a3c        7 weeks ago         345.5 MB
docker.io/openshift/origin-haproxy-router    v1.3.0              e33d4e33dffb        7 weeks ago         506.2 MB
docker.io/openshift/origin                   v1.3.0              7b24611e640f        7 weeks ago         487.1 MB
docker.io/openshift/origin-pod               v1.3.0              35873f68181d        7 weeks ago         1.591 MB
docker.io/fedora                             24                  11a5107645d4        12 weeks ago        204.4 MB

Adding a docker image to OpenShift

You can use either of these two approaches to get a Docker image into OpenShift.

Add to OpenShift as an image

First, login to your OpenShift repository as developer and enter the password developer. You got the password earlier from the oc cluster up command.

sudo oc login -u developer

Then run this command:

sudo oc new-app helloworld:latest

Add to OpenShift docker-registry

You can access OpenShift Origin’s internal registry directly to push or pull images. This is helpful in order to create an image stream by manually pushing an image, or just to docker pull an image directly.

Two steps are required before adding a docker image to OpenShift. The first is to login with the username/password pair system:admin and the second is to get a registry IP, which is mandatory.
Login with this command:

sudo oc login -u system -p admin

To verify you’re logged in on the OpenShift instance, run this command:

sudo oc whoami

You should see:

system:admin

To get a docker-registry IP, run this command:

sudo oc get svc -n default | grep docker-registry

The output should be similar to this:

docker-registry   172.30.210.244   <none>        5000/TCP                  38m

Now, login as developer:

sudo oc login -u developer

To push a local docker image to the Origin docker-registry, run this command:

sudo docker login -u developer -p $(sudo oc whoami -t) -e <email> 172.30.210.244:5000

Now, let’s tag the docker image:

sudo docker tag localhost.localdomain:5000/my-helloworld 172.30.210.244:5000/myproject/my-helloworld

To push the docker image to the OpenShift docker-registry, run:

sudo docker push 172.30.210.244:5000/myproject/my-helloworld

To verify the previous task was successful, run:

sudo oc get is

The output should look like this:

NAME           DOCKER REPO                                  TAGS    UPDATED
my-helloworld  172.30.210.244:5000/myproject/my-helloworld  latest  5 seconds ago

To deploy your docker image on OpenShift, run:

sudo oc new-app my-helloworld:latest --name=my-helloworld

Deleting an image from the OpenShift project

To delete an image from the Openshift project called myproject, run this command:

sudo oc delete dc my-helloworld -n myproject

Storing a verified container image

If you verified a container image and you would like to share it, create a Pull Request in the container-images Github repository.

Further reading

For more information, check out GitHub – openshift/origin: Enterprise-Ready Kubernetes for Developers.

For Developers

6 Comments

  1. Rayan

    what’s openshift?
    is it external repository?
    explain please

  2. Marc

    When I tried this out on Fedora 25, I found that /etc/resolv.conf was missing, and openshift would not start. I’m not sure of the correct way to fix this, but I copied the file from /usr/lib/systemd/resolv.conf, knowing that it will probably be overwritten at reboot. At least it allowed openshift to start up.

  3. Please don’t install package docker-registry, that’s deprecated for quite some time. Otherwise pretty nice writeup.

  4. jason

    Its worth noting that Openshift Origin extends and uses kubernetes under the hood which you can run locally as well with minikube:

    https://github.com/kubernetes/minikube

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions