After DevOps Playground meetups, we like to go over the key points of each event.
The DevOps Playground held at the ECS Digital office last week - 28th February 2017 - was particularly eventful! Here’s why…
The DevOps Playground
During our meetups, we try to guide attendees through a practical use-case. Attendees bring their own laptops, so that the speaker can walk them through DevOps technologies.
This time, we explored Rancher, an awesome container orchestration/management tool.
The usecase for this session was to: Install the Rancher server and agents, distribute it against the all the machines present that evening, deploy containers and to explore native scaling and load-balancing with Rancher.
We had pre-prepared AWS instances for everyone, into which we should have ssh’ed using the ssh keys stored in an AWS S3 bucket. From that point we should have pulled the Rancher server/agents containers from DockerHub and followed the plan. However…
Between 5pm and 6pm, we noticed a couple of issues:
- We could not retrieve the AWS key pair from S3 (internal error).
- The DockerHub Registry service became unreachable (timeout).
The first issue was simple to work-around. We simply chose another form of media to share our documents with the attendees.
A few hours passed before we realized the first issue was linked to the second.
We couldn’t find an easy solution for the DockerHub Registry being down.
Ignoring the S3 issue, as in this case, we were simply using it to share files, let’s investigate a couple of solutions to prevent future DevOps Playground to be blocked again:
Alternatives to DockerHub
As a reminder, a Docker Registry is a sort of Repository for container images, against which we docker push and docker pull.
Below are a few alternatives, which vary in difficulty to set up:
Quay.io is a CoreOS product and a DockerHub competitor. It is a hosted solution that enables the user to privately store, control access. Plus, Quay.io is design with automation in mind.
- AWS EC2 Container Registry (ECR)
We - at ECS Digital - are using ECR to store our custom or critical Docker Images.
The mains advantages of ECR are the renowned reliability of AWS and the ease of setting it up. Due to last week’s AWS S3 outage, it's worth also looking into a third option:
- Your own Private Docker Registry
A registry owned and secured yourself, completely independant (unless you choose S3 as a storage backend…). The setup could be as simple as the one below or more complex, secure and redundant.
Focusing on the last point, and still in the context of the Rancher DevOps Playground, let’s tweak the official Docker Registry documentation to see how simple setting up a registry is.
How-to setup a basic Docker Registry:
As the registry is a Docker container, DockerHub Registry Service must be available when we set this up. The below assumes the registry will run locally:
Now that the registry is up and running, we can proceed to download the docker images we need from the DockerHub Registry Service, here Rancher/server, and upload them to our local registry:
Note: the docker tag command allows us, amongst other things, to specify the location of the private Docker registry.
Finally, we upload our rancher-server-meetup image to our local Docker Registry:
Please have a look at the docker documentation to harden this simple private registry setup.
Had this been in place for our Rancher meetup, with all the correct images we needed, the Hands-on meetup would have ran as expected!
My thanks to Alejandro Garrido, DevOps Engineer at Sky; Simon Robinson and Chris Urwin - from Rancher - for their help making this 10th DevOps playground another success, despite our challenges!
Useful links and sources:
Get Rancher: http://rancher.com/
Docker Registry Docs: https://docs.docker.com/registry/deploying/#running-on-localhost
This event’s github: https://github.com/ForestTechnologiesLtd/devopsplayground10-rancher
Quay.io : https://quay.io/