书名：Mastering Docker Enterprise
作者名：Mark Panthofer
本章字数：419字
更新时间：2025-04-04 14:48:22

Installing the DTR

For our PoC, we will need a private, trusted image registry to store, secure, and serve our images. For this, we will use Docker Trusted Registry (DTR). We will use an SSH Terminal for the UCP manager node.

SSH to the UCP node and run the docker node ls command to get a list of proper node names. For our example, the proper node name for DTR is ip-172-31-0-168. It can be either Linux work node. Next, from our UCP SSH Terminal, we run the DTR install as shown in the following code block. Notice how we use the UCP node name where want DTR to be installed --ucp-node ip-172-31-0-68.

Let's take a look at the command structure for our PoC DTR install:

$ docker run -it --rm docker/dtr:2.6.2 install \
--ucp-url <ucp_host_dns or IP>:443 \
--ucp-username admin \
--ucp-password <ucp password> \
--ucp-insecure-tls \
--ucp-node <name node where DTR is to be installed>

## --- Actual example with my clusters values ---
$ docker run -it --rm docker/dtr:2.6.2 install \
--ucp-url ec2-54-245-193-10.us-west-2.compute.amazonaws.com:443 \
--ucp-username admin \
--ucp-node ip-172-31-0-68 \
--ucp-password notReallyThePassword \
--ucp-insecure-tls

It's important to understand that DTR and UCP work closely together and DTR can't be deployed without an associated UCP. All user, team, and organization information is stored in UCP, but is used by DTR. When you log in to DTR, you use the same credentials as UCP and you will be momentarily redirected to UCP during the authentication process.

As you probably guessed, the UCP URL is the same one you used when you installed the Docker Universal Control Plane. Subsequently, you will use the same username and password for the admin user as you did when you installed UCP. Also, note that you will be prompted to enter the node name where you want the DTR to be installed. The prompt will include a list of candidate nodes in the UCP cluster.

Once the installation completes, you can use the external IP address of your DTR to sign in. Don't forget to use the HTTPS prefix when accessing the DTR. And again, you will have to click through the privacy warnings to accept a self-signed certificate. Use your UCP admin username and password to sign in.

The following is the Docker Trusted Registry login page https://{external-ip-DTR-Node}:

Figure 10: Docker Trusted Registry Login

Now that we have the basic platform installed for our PoC, we can take care of some of the basic configuration and testing of our shiny new Docker Enterprise installation.