Docker quickstart for Triton

Docker client applications, including the Docker CLI, can connect to the Triton remote API endpoint to launch and control Docker containers across an entire Triton data center.

Connecting to the API requires an account on the Triton data center, SSH key, and the CloudAPI URL for that data center, as well as the Docker CLI or some other Docker client. Joyent provides a helper script to configure a Docker client, including the Docker CLI.

Each data center is a single Docker API endpoint. CloudAPI is used as a helper to configure the client to connect to the Docker Remote API. Determining the correct CloudAPI URL depends on which data center you're connecting to. Please check the data centers page for details about which data centers support the Triton Docker service today.

Quick start

There are just three steps to using Docker on Triton:

  1. Install Docker
  2. Configure Docker for Triton
  3. Run a container

Install the Docker Engine

Install or update the Docker tools for your platform. These are the tools that run on your laptop or other environement where you develop and manage applications.

  1. Apple OS X
    • Install Docker Toolbox
    • Alternatively use Homebrew to install the Docker Engine. Use brew install docker to install only docker and not any of the other tools.
  2. Linux
  3. Microsoft Windows

Configure Docker for Triton

Configuring Docker for Triton requires four things:

  1. Your Triton username, sometimes called SDC account or Joyent account username.
  2. The path to your SSH private key, one of the SSH keys you registered when creating your account.
  3. The CloudAPI URL for the data center you wish to use.
  4. The sdc-docker-setup.sh script to do the work of bringing everything together.

First, download the sdc-docker-setup.sh script:

curl -O https://raw.githubusercontent.com/joyent/sdc-docker/master/tools/sdc-docker-setup.sh

Now execute the script, substituting the correct values for your Triton username, SSH key path, and data center URL:

bash sdc-docker-setup.sh   

For example, if you created an account on Joyent's hosted Triton service, with the username jill, SSH key file ~/.ssh/sdc-docker.id_rsa, and connecting to the US SW-1 data center:

bash sdc-docker-setup.sh https://us-sw-1.api.joyent.com jill ~/.ssh/sdc-docker.id_rsa

The sdc-docker-setup.sh script generates a TLS certificate using your SSH key (your private key never leaves your computer). Triton uses Docker's TLS authentication scheme to secure and identify your API requests. The script also uses the CloudAPI URL for your chosen data center to get details about the Docker service in that data center. You can choose from any of Joyent's Triton data centers offering container-native Docker service, including:

CloudAPI URLDescription
https://us-east-1.api.joyent.comJoyent's us-east-1 Virginia data center
https://us-sw-1.api.joyent.comJoyent's us-sw-1 Nevada data center
https://eu-ams-1.api.joyent.comJoyent's eu-ams-1 (Amsterdam) data center

That should output something like the following:

Setting up Docker client for SDC using:    CloudAPI:        https://us-sw-1.api.joyent.com    Account:         jill    Key:             /Users/localuser/.ssh/sdc-docker.id_rsaIf you have a pass phrase on your key, the openssl command willprompt you for your pass phrase now and again later.Verifying CloudAPI access.CloudAPI access verified.Generating client certificate from SSH private key.Wrote certificate files to /Users/localuser/.sdc/docker/jillGet Docker host endpoint from cloudapi.Docker service endpoint is: tcp://us-sw-1.docker.joyent.com:2376* * *Success. Set your environment as follows:    export DOCKER_CERT_PATH=/Users/localuser/.sdc/docker/jill    export DOCKER_HOST=tcp://us-sw-1.docker.joyent.com:2376    export DOCKER_CLIENT_TIMEOUT=300    export COMPOSE_HTTP_TIMEOUT=300    export DOCKER_TLS_VERIFY=1Then you should be able to run 'docker info' and see your accountname 'SDCAccount: jill' in the output.Note: If you receive any docker compose warning about theDOCKER_CLIENT_TIMEOUT environment variable being deprecated,simply unset it and remove it from env.sh.

After you export the variables specified in the script output you'll be ready to use Docker. You can add those environment variables to your shell's .bashrc so that you can use them later without re-running the script.

Pro tip: sdc-docker-setup.sh writes those environment vars to ~/.sdc/docker//env.sh, so you can source that to set them again.

To test Docker, you should be able to run docker info and see your account name in the output. Using our example above, we can see SDCAccount: jill here:

$ docker infoContainers: 0Images: 0Storage Driver: sdc SDCAccount: jillExecution Driver: sdc-0.3.0Logging Driver: json-fileKernel Version: 3.12.0-1-amd64Operating System: SmartDataCenterCPUs: 0Total Memory: 0 BName: us-sw-1ID: 65698e31-2754-4e86-9d05-bfc881037812

Please see the Docker troubleshooting page or contact support if you encounter any difficulty.

Run a container

Let's create a web server to demonstrate the simplicity of Docker containers. We're going to setup a container running Nginx and copy some HTML into it. Follow the steps below to test it out:

docker run -d -p 80 --name=nginx01 nginx

That's all it takes to run a container.

That command creates a new container running the official Nginx image on Docker Hub. We use docker run -d to use daemon mode so that Nginx continues to run after the docker command finishes. We use -p 80 to expose port 80 for web traffic. We name the container so that we reference it easily later. If we didn't name it then a name would be generated for us. Finally, the last parameter selects the nginx image that we want.

Get the container IP address

To visit our new Nginx server we need to find its IP address. We can docker inspect the container to reveal its IP address. Copy the command below and open that IP in your web browser to see Nginx's default page:

$ docker inspect --format '{{ .NetworkSettings.IPAddress }}' nginx01165.225.170.236

Containers will only have a public IP address if they have exposed ports. The private IP is only reachable by your other containers within the data center.

List containers

You can see a list of all provisioned Docker containers, including stopped containers with the -a switch to docker ps:

$ docker ps -aCONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                    PORTS                         NAMES828ef84a23d0        nginx               "nginx -g 'daemon off"   3 days ago          Exited (0) 25 hours ago   0.0.0.0:80->80/tcp, 443/tcp   ecstatic_stallman78de959d7c96        ubuntu              "/bin/bash"              3 days ago          Exited (0) 3 days ago                                   compassionate_goodall27d747a35429        ubuntu              "/bin/bash"              2 days ago                                                                  cranky_jepsen

Remove containers

Billing will continue on all provisioned Docker containers, including those that are stopped. To avoid charges for stopped or unwanted containers, be sure to remove them. Let's clean up the example we were using above:

$ docker rm -f nginx01

What next?

Please check out the Docker user guide and our blog posts to learn more about building infrastructure with Docker on Triton.

Docker CLI commands

Documentation for specific Docker commands and any variance in the implementation in Triton is documented in the full API docs and for each command individually:

For full documentation of Docker commands in Triton, see apidocs.tritondatacenter.com/docker.

Docker version

Triton supports clients using Docker Remote API v1.19 and above. For the Docker CLI, this includes Docker 1.7.1 and above. For Docker Compose, this includes version 1.4.1 and above.



Post written by Drew Miller