These docs are for v0.7.1. The latest docs are for v0.9.3.

Docker Quick Start

Kennel

Fifo uses an optional service, "Kennel", to implement the Docker Remote API. While you can use Fifo just fine without Kennel, you will need to install it to use Docker.

Installing Kennel

curl -O https://project-fifo.net/fifo.gpg
gpg --primary-keyring /opt/local/etc/gnupg/pkgsrc.gpg --import < fifo.gpg
echo "http://release.project-fifo.net/pkg/rel" >> /opt/local/etc/pkgin/repositories.conf
pkgin -fy up
pkgin install fifo-kennel
svcadm enable epmd
svcadm enable kennel
svcs epmd kennel

🚧

Port Conflicts

If you are running Kennel on the same VM as Fifo Howl, you will need to change the port in the Kennel config from 443 to something like 8443.

Create Fifo CA and Update Service Configs

The Docker Remote API uses certificates both for securing traffic and for user authentication. To get started faster, you can use a script that generates all the necessary keys and updates your service configurations. Please note that if you have multiple Fifo servers, you will need to copy the keys, certificates, and configurations to all the others after updating the first server.

Start by downloading the quick start script to your Fifo server.

curl -O https://raw.githubusercontent.com/project-fifo/op-tools/0.7.1/create_fifo_ca
chmod +x create_fifo_ca

Once you have downloaded it, you can (optionally) open it in your favorite editor and modify the "CERTSUBJECT" variable. If you wish, you can leave the defaults.

Run the script with ./create_fifo_ca

Upon successful completion you should see a notice about restarting Fifo services.

Install Docker on Client

Version 0.7.1 of Kennel supports Docker API version 1.20. Your client will need Docker 1.8.3 installed to use this API version. You can download the correct binary for your platform using the following links:

📘

OSX and Linux users must set the file's execute bit (chmod +x)

Prepare Client Certificates

👍

PyFi Required

This step requires PyFi to be installed on your client. If you do not yet have PyFi, please see https://docs.project-fifo.net/docs/installing-pyfi

🚧

Due to the possibility of a man-in-the-middle attack, it is up to the user to use a secure method to copy the Fifo CA certificate to your Docker directory (SCP, Snail Mail, Carrier Pigeon, etc.). The default location for the Fifo CA certificate is /var/db/fifo/fifo-ca.pem. The correct location for this file on the client is ~/.docker/ca.pem

Make sure you are operating in the Docker directory. cd ~/.docker
Create a private key for the user with the following command: openssl genrsa -out key.pem 2048
With the newly created key create a request to send to the server: openssl req -new -key key.pem -out client.csr

Now that a certificate signing request has been created, we must sign it with the Fifo CA and add it to the correct user account.

fifo users sign {{FIFO_USER_UUID}} --csr client.csr > cert.pem
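
A pre-flight check for the ~/.docker directory built in the steps above, as an added example that is not part of the Project FiFo documentation: it confirms that cert.pem chains to ca.pem, that it matches key.pem, and that the key is private to your user, then prints the CA's SHA-256 fingerprint. The function names and the throwaway demo CA in make_demo_dir are assumptions made for illustration; `openssl x509 -req` there stands in for `fifo users sign`.

```bash
#!/usr/bin/env bash
# Added example. Usage: check_docker_tls ~/.docker
# Returns 0 if ca.pem, cert.pem and key.pem are usable with --tlsverify.
check_docker_tls() {
    local d="$1" f cert_pub key_pub
    for f in ca.pem cert.pem key.pem; do
        [ -s "$d/$f" ] || { echo "missing or empty: $d/$f" >&2; return 1; }
    done
    # The private key must not be accessible to group or others.
    case "$(ls -lL "$d/key.pem")" in
        -???------*) ;;
        *) echo "key.pem is too permissive; run: chmod 600 key.pem" >&2; return 2 ;;
    esac
    # cert.pem must chain to the CA certificate copied from the server.
    openssl verify -CAfile "$d/ca.pem" "$d/cert.pem" >/dev/null 2>&1 ||
        { echo "cert.pem was not signed by ca.pem" >&2; return 3; }
    # cert.pem must carry the public key that belongs to key.pem.
    cert_pub=$(openssl x509 -in "$d/cert.pem" -noout -pubkey |
               openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$d/key.pem" -pubout -outform DER 2>/dev/null |
              openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "cert.pem does not match key.pem" >&2; return 4; }
    # Print the CA fingerprint for comparison with the server's copy.
    openssl x509 -in "$d/ca.pem" -noout -fingerprint -sha256
}

# Constructed sample input: a throwaway CA stands in for the Fifo CA and
# `openssl x509 -req` stands in for `fifo users sign` (assumption, demo only).
make_demo_dir() {
    ( cd "$1" && umask 077 &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=demo-ca" -days 1 &&
      openssl genrsa -out key.pem 2048 &&
      openssl req -new -key key.pem -out client.csr -subj "/CN=demo-user" &&
      openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key \
          -CAcreateserial -out cert.pem -days 1
    ) >/dev/null 2>&1
}
```

Compare the printed fingerprint with the output of the same `openssl x509 -noout -fingerprint -sha256` command run against /var/db/fifo/fifo-ca.pem on the server.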

Run Docker

Docker should now be set up and ready to run. Test everything out by running a simple command: ./docker-1.8.3 -H 172.16.2.210:8443 --tlsverify version, which should show a server OS of SunOS.

📘

Make your life easier!

alias docker='docker-1.8.3 -H 172.16.2.210:8443 --tlsverify'
Which would make the previous command: docker version