Versions Compared

Old Version 258

changes.mady.by.user Michael O'Brien

Saved on

compared with

New Version 259

changes.mady.by.user Michael O'Brien

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
themeMidnight
# from a clean ubuntu 16.04 VM
# install docker
sudo curl https://releases.rancher.com/install-docker/17.03.sh | sh
sudo usermod -aG docker ubuntu
# install nexus
ubuntu@ip-172-31-10-98:~$ mkdir -p certs
ubuntu@ip-172-31-10-98:~$ openssl req \
>   -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
>   -x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
.............................................................................................................++
.................................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:ON
Locality Name (eg, city) []:Ottawa
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Amdocs
Organizational Unit Name (eg, section) []:DEV
Common Name (e.g. server FQDN or YOUR name) []:nexus3.onap.info
Email Address []:michael@obrienlabs
ubuntu@ip-172-31-10-98:~$ sudo nano /etc/hosts
sudo docker run -d  --restart=unless-stopped  --name registry  -v `pwd`/certs:/certs  -e REGISTRY_HTTP_ADDR=0.0.0.0:5000  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key  -e REGISTRY_PROXY_REMOTEURL=https://nexus3.onap.org:10001  -p 5000:5000  registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
d6a5679aa3cf: Waiting 
d6a5679aa3cf: Pull complete 
ad0eac849f8f: Pull complete 
2261ba058a15: Pull complete 
f296fda86f10: Pull complete 
bcd4a541795b: Pull complete 
Digest: sha256:5a156ff125e5a12ac7fdec2b90b7e2ae5120fa249cf62248337b6d04abc574c8
Status: Downloaded newer image for registry:2
973729dce4168f41b647285b75325109581d3b907bf85e18d9a9f54b127f9e56
ubuntu@ip-172-31-10-98:~$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
7f9b0e97eb7f        registry:2          "/entrypoint.sh /e..."   8 seconds ago       Up 7 seconds        0.0.0.0:5000->5000/tcp   registry
# test it
ubuntu@ip-172-31-10-98:~$ sudo docker login -u docker -p docker nexus3.onap.info:5000
Login Succeeded
# get images from https://git.onap.org/integration/plain/version-manifest/src/main/resources/docker-manifest.csv?h=casablanca
# use for example the first line onap/aaf/aaf_agent,2.1.8
# or the prepull script in https://gerrit.onap.org/r/#/c/74780/1/deploy/docker_prepull.sh

sudo docker pull nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8
2.1.8: Pulling from onap/aaf/aaf_agent
18d680d61657: Pulling fs layer 
819d6de9e493: Downloading [======================================>            ] 770.7 kB/1.012 MB



# list
ubuntu@ip-172-31-10-98:~$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            2                   2e2f252f3c88        3 months ago        33.3 MB
ubuntu@ip-172-31-10-98:~$ sudo nohup ./docker_prepull.sh &
[1] 4602
ubuntu@ip-172-31-10-98:~$ sudo ps -ef | grep docker
root      4022     1  0 16:53 ?        00:00:25 /usr/bin/dockerd -H fd://
root      4030  4022  0 16:53 ?        00:00:03 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc
root      4363  4022  0 17:05 ?        00:00:06 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000
root      4367  4030  0 17:05 ?        00:00:00 docker-containerd-shim 7f9b0e97eb7f484b75629238e2b4ba01acecdaed70ac3c1e7e58f37d0061ff3c /var/run/docker/libcontainerd/7f9b0e97eb7f484b75629238e2b4ba01acecdaed70ac3c1e7e58f37d0061ff3c docker-runc
root      4384  4367  0 17:05 ?        00:00:28 registry serve /etc/docker/registry/config.yml
root      4602  1434  0 18:18 pts/0    00:00:00 sudo nohup ./docker_prepull.sh
root      4603  4602  0 18:18 pts/0    00:00:00 /bin/bash ./docker_prepull.sh
root      4633  4603  0 18:18 pts/0    00:00:00 sudo docker pull nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8
root      4634  4633  0 18:18 pts/0    00:00:00 docker pull nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8


# on each host
obrienbiometrics:nexus michaelobrien$ scp ubuntu@nexus3.onap.info:~/certs/domain.crt .
domain.crt                                                                                                                                                                              
obrienbiometrics:nexus michaelobrien$ scp domain.crt ubuntu@ld3.onap.info:~/
domain.crt                                                                                                                                                                              100% 2114    15.7KB/s   00:00    
# to avoid
ubuntu@ip-172-31-33-46:~$ sudo docker login -u docker -p docker nexus3.onap.info:5000
Error response from daemon: Get https://nexus3.onap.info:5000/v1/users/: x509: certificate signed by unknown authority
# cp cert
ubuntu@ip-172-31-33-46:~$ sudo mkdir /etc/docker/certs.d
ubuntu@ip-172-31-33-46:~$ sudo mkdir /etc/docker/certs.d/nexus3.onap.info:5000
ubuntu@ip-172-31-33-46:~$ sudo cp domain.crt /etc/docker/certs.d/nexus3.onap.info:5000/ca.crt
ubuntu@ip-172-31-33-46:~$ sudo systemctl restart docker
ubuntu@ip-172-31-33-46:~$ sudo docker login -u docker -p docker nexus3.onap.info:5000
Login Succeeded


# testing
# vm with the image existing - 2 sec
ubuntu@ip-172-31-33-46:~$ sudo docker pull nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8
2.1.8: Pulling from onap/aaf/aaf_agent
Digest: sha256:71781f3cfa51066abb1a4a35267af37beec01b6bb75817fdfae056582839290c
Status: Downloaded newer image for nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8


# vm with layers existing except for last 5 - 5 sec
ubuntu@a-cd-master:~$ sudo docker pull nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8
2.1.8: Pulling from onap/aaf/aaf_agent
18d680d61657: Already exists 
.. 20
49e90af50c7d: Already exists 
396607166153: Pull complete 
8023c56d0234: Pull complete 
440441b9ca5e: Pull complete
4376cc11267c: Pull complete 
acb05d09ff6e: Pull complete 
Digest: sha256:71781f3cfa51066abb1a4a35267af37beec01b6bb75817fdfae056582839290c
Status: Downloaded newer image for nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8


# clean AWS VM (clean install of docker) - no pulls yet - 45 sec for everything
ubuntu@ip-172-31-14-34:~$ sudo docker pull nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8
2.1.8: Pulling from onap/aaf/aaf_agent
18d680d61657: Pulling fs layer 
0addb6fece63: Pulling fs layer 
78e58219b215: Pulling fs layer 
eb6959a66df2: Pulling fs layer 
321bd3fd2d0e: Pull complete 
819d6de9e493: Pull complete 
9c5cbae584e0: Pull complete 
6b8abae643fc: Pull complete 
595cdf95b083: Pull complete 
d5f35f05364b: Pull complete 
33422549438c: Pull complete 
507242d06459: Pull complete 
797c42cd7990: Pull complete 
55cb180bd7a7: Pull complete 
8f791662f04f: Pull complete 
b21eb3946af1: Pull complete 
36d0f286a7ec: Pull complete 
2150f5ecf4e4: Pull complete 
5b1a5109ab06: Pull complete 
880ff0160341: Pull complete 
14bbbdc46f89: Pull complete 
03b5e4771470: Pull complete 
fdd6eab46e6c: Pull complete 
80ff62223f5f: Pull complete 
e0633204c627: Pull complete 
1b3a93e91ad9: Pull complete 
29b72f79b735: Pull complete 
a2cb53787c38: Pull complete 
49e90af50c7d: Pull complete 
396607166153: Pull complete 
8023c56d0234: Pull complete 
440441b9ca5e: Pull complete 
4376cc11267c: Pull complete 
acb05d09ff6e: Pull complete 
Digest: sha256:71781f3cfa51066abb1a4a35267af37beec01b6bb75817fdfae056582839290c
Status: Downloaded newer image for nexus3.onap.info:5000/onap/aaf/aaf_agent:2.1.8
ubuntu@ip-172-31-14-34:~$ sudo docker images
REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
nexus3.onap.info:5000/onap/aaf/aaf_agent   2.1.8               090b326a7f11        5 weeks ago         1.14 GB


# going to test a same size image directly from the LF - with minimal common layers
nexus3.onap.org:10001/onap/testsuite                    1.3.2                c4b58baa95e8        3 weeks ago         1.13 GB
# 3 min in we are still at 10% 
ubuntu@ip-172-31-14-34:~$ sudo docker pull nexus3.onap.org:10001/onap/testsuite:1.3.2
1.3.2: Pulling from onap/testsuite
32802c0cfa4d: Downloading [=============>                                     ] 8.416 MB/32.1 MB
da1315cffa03: Download complete 
fa83472a3562: Download complete 
f85999a86bef: Download complete 
3eca7452fe93: Downloading [=======================>                           ] 8.517 MB/17.79 MB
9f002f13a564: Downloading [=========================================>         ] 8.528 MB/10.24 MB
02682cf43e5c: Waiting 
dfa9878b26c8: Waiting 
fdb3a2e7127c: Waiting 
adab76b27695: Waiting 
3e1db7307fd3: Waiting 
d18a8cc3d4cd: Waiting 
973f5d70b3c4: Waiting 
eb19d05de017: Waiting 
ac1f3947b000: Waiting 
01ae31c1279e: Waiting 
24ac662c0884: Waiting 
268c36718aa7: Waiting 
98559383536b: Waiting 
856a1ffe236e: Waiting 
80cbab20328c: Waiting 
caed9c28b75f: Waiting 
e3c00d7d86d4: Waiting 
3109ae4e798e: Waiting 
2dc71030fc1d: Waiting 
f1d763192c3d: Waiting 
adceeebb9b2b: Waiting 
419a6a0c4acd: Waiting 
048d8fd47ec5: Waiting 
63fc3f31cfdc: Waiting 
5441f94df8b4: Waiting 
754645df4601: Waiting 


# conclusion - nexus3.onap.org is experiencing a routing issue from their DC outbound - since 20181217 - as local jenkins.onap.org builds complete faster
# workaround is to use a nexus3 proxy above


and adding to values.yaml

...