Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Presentacin de PowerPoint
FIWARE Docker Container Service (FDCS)Getting StartedKenneth [email protected]
This presentation introduces the FIWARE Docker Container Service and describes how you can start using the service.
Multi-Tenant Swarm
.
clientclientdocker-clidocker-composedocker api, any tool basedondocker-api
Docker Container Service
Keystone
Keystone apiexternal ipexternal ipNFSDocker Container Service (FDCS)
The FIWARE Docker Container Service., FDCS. Allows you to manage your docker containers, volumes, and networks remotely from your local Docker client. You do not have to worry about creating or managing docker hosts, since the service maintains a cluster of docker hosts that you can use.
Many tenants may share the services resources, but they are isolated from each other.
In this illustration we show a local Docker client remotely managing its Docker containers from a work station, but the containers are running on the FDCS cluster.
Most of the communication between the client and the service is through the Docker REST API.
But the client must get a valid token from FIWAREs Openstack Keystone Identity Management Service.
Once a valid token is obtained the client can use the docker cli or docker compose to create and deploy complex Docker services.
Multi-Tenant Isolation and Multi-Tenant Name Scoping
Tenant 1Docker Container Service
Keystone
Tenant 2Tenant 3
nfsMulti-Tenant Swarm
The services tenants share docker host resources, but are isolated from each other!; We refer to this feature as Multi-Tenant Isolation.
The service also allows its tenants to use the same names to identify their resources without interfering with each other; We refer to this feature as Multi-Tenant Name Scoping.
Getting started is simpleSign up FIWARE lab account (https://account.lab.fiware.org/sign_up/)Apply for access to the serviceContact [email protected] your local environment to work remotely with the service.Use docker! Both Docker CLI and Docker Compose can be used out of the box
Getting started is simple.The first step is to sign up for a FIWARE lab account.The second step is to apply for access to the service by sending us an email.The next step is setting up your local docker client environment to work remotely with the service.Once this is done you can use the docker dli and docker-compose to transparently manage your docker resources on the services cluster.
Details on how to accomplish all this follows.
Signing up for a FIWARE Lab account is simple. Just submit the required information. You should be authorized within a day or two.
Login to your FIWARE lab account.Notice your name in the top right hand corner.This is the name you need to send to us when applying for authorization to use FDCS.Also, notice that the organization list contains a list of the tenants of which you are a member. Each tenant has a tenant name and tenant id.The tenant id is used to identify your tenant to the service.
sers can be members of multiple tenants.Also, users can create their own tenants and add other users to their tenants.
Every docker request to the service will require a valid user keystone token and tenant id.
We will discuss how to obtain the token and tenant id later.
7Set up your local environmentremote docker host endpointDOCKER_HOST:
>export DOCKER_HOST=tcp://docker.lab.fiware.org:2376>docker docker H flag:
>docker -H tcp://docker.lab.fiware.org:2376 >docker [--config ]
Once you have received permission to use the service you can set up your local environment so that your docker client can transparently communicate with the service.
There are two methods to tell your local docker client to send its request to the services url at docker.lab.fiware.org.
One way is to export the service's URL to the DOCKER_HOST environment variable.
The other is to reference the URL in each docker command using the -H flag.
8Set up your local environmentconfig.jsonconfig.json:
{ "HttpHeaders": { "X-Auth-Token": , "X-Auth-TenantId": } } config.json describes additional headers to send to a remote docker service.By default in $HOME/.docker/config.json, but docker config can override default. >docker >docker [--config ]
The docker config.json file describes additional headers to include in the docker REST api sent to a remote docker service.
FDCS requires headers X-Auth-Token and X-Auth-TenantId to contain your keystone token and keystone tenant id
By default config.json resides in your home docker directory, but the docker config flag can be used to override the default directory.
9Set up your local environmentset_docker_conf.bash
>export TENANT_NAME=
Related Documents
