Setting Up Docker Enterprise with Universal Control Plane and Trusted Registry

2 hours
  • 4 Learning Objectives

About this Hands-on Lab

Docker Enterprise Edition (Docker EE) provides a wide variety of enterprise-level features for managing containers. Universal Control Plane (UCP) delivers a feature-packed interface for the Docker EE cluster that allows us to orchestrate containers with ease. Docker Trusted Registry (DTR) is also a feature-rich registry with an immense range of security measures and customization capabilities.

In this lab, we will work with Docker EE components by building our own Docker EE cluster on a set of Linux servers. Finally, we will practice installing and configuring the Docker EE engine, UCP, and DTR.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install Docker EE on All Three Servers

Note: Perform the following steps on all three servers:

  1. Start a free trial for Docker EE:

    If you don’t have a Docker EE trial already started, then launch one here: This free trial lasts up to a month, but another one can be started right after it expires.

  2. Go to and retrieve a unique URL for Docker EE.

  3. Click Setup.

  4. Copy the URL generated for Docker EE.

  5. Set a few environment variables. Ensure that the unique URL generated for Docker EE is also used here:

  6. Verify that the required packages install successfully:

    sudo apt-get install -y 
  7. Add the gpg key and repository using the unique URL for Docker EE:

    curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
    sudo add-apt-repository 
     "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu 
     $(lsb_release -cs) 
  8. Install Docker EE:

    sudo apt-get update
    sudo apt-get install -y docker-ee=5:18.09.4~3-0~ubuntu-bionic
  9. Apply cloud_user access to run the Docker commands:

    sudo usermod -a -G docker cloud_user

    Log out and log back in again.

  10. Test the Docker EE installation to verify that it’s working:

    docker version
Set Up the UCP Manager

Note: Perform the following steps on the UCP manager server:

  1. Pull the UCP image:

    docker image pull docker/ucp:3.1.5
  2. Set an environment variable to the private IP address of the UCP manager server:

  3. Use the UCP image for the installation:

    docker container run --rm -it --name ucp 
    -v /var/run/docker.sock:/var/run/docker.sock 
    docker/ucp:3.1.5 install 
    --host-address $PRIVATE_IP 
  4. Enter new admin credentials when prompted, and then take note of them as we will need them later on in this lab.

  5. Once the installation completes, a prompt will appear for additional aliases, press Enter to select the default.

  6. In a web browser go to: https://[UCP manager Public IP] for accessing the UCP manager.

    Note: A warning about the self-signed certificate’s validity may emerge. This notification can be disregarded, for example, in Google Chrome click Advanced, and then click Proceed to bypass it.

  7. Use the admin credentials that were created during the initial setup process to log in.

  8. A prompt will appear asking for a license file. Keep the UCP tab open and use a new tab to download the license.

  9. Go to the Docker site: to retrieve the license file.

  10. Click Setup.

  11. Under the Resources section, click License Key to download the required license file.

  12. Click Upload License.

  13. Return to UCP manager in a web browser and insert the license file that was obtained from Docker Hub.

Add Both UCP Workers to the Cluster
  1. Navigate back to the UCP manager interface in a web browser to retrieve the worker join command. We will also generate a docker swarm join command that can be copied.
  2. Click Shared Resources.
  3. Click Nodes.
  4. Click Add Node.
  5. Apply the following values on the Add Node page:
    • Node type: Linux
    • Node role: Worker
  6. Run the join command on both of the worker nodes.
  7. Copy the docker swarm join command obtained from the UCP manager and run it on both of the worker nodes.
Set Up Docker Trusted Registry

Get the DTR setup command from the UCP manager by performing the following steps:

  1. Access the UCP manager from a web browser.

  2. Click Admin > Admin Settings.

  3. Click Docker Trusted Registry.

  4. On the Admin Settings page locate the UCP Node section.

  5. Click ip-10-0-1-102.

  6. Click the checkbox labeled Disable TLS verification for UCP.

  7. The UCP page will generate a docker run command that can be copied.

    Note: To run the setup command, we need to modify the command provided by the UCP manager.

  8. In the line with the flag --ucp-url, we will see the public IP of the UCP manager. With a text editor, such as, replace the public IP with the UCP manager private IP

  9. Paste and run the modified command on the DTR worker server.

  10. When prompted for the ucp-password, enter the admin password that was created when we set up the UCP manager.

  11. Access DTR from a web browser by entering: https://DTR_WORKER_PUBLIC_IP.

    Note: A warning about the self-signed certificate’s validity may emerge. This notification can be disregarded, for example, in Google Chrome click Advanced, and then click Proceed to bypass it.

    Use the same admin credentials that we created when setting up the UCP manager to log in.

Additional Resources

Your company has been using Docker Swarm — however, now they want to take advantage of the additional features offered through Docker Enterprise. Your task is to set up a three-node Docker Enterprise cluster running with the Universal Control Plane (UCP). In addition to this, you will need to install Docker Trusted Registry (DTR) on one of the worker nodes within the cluster.

You will need a Docker Hub account and a Docker Enterprise Edition license to complete the remainder of this lab. You can obtain a free trial for Docker Enterprise using this link:

Three servers have been made available to you. Each one of these servers is appropriately sized for its intended purpose, so make sure that you configure the correct server for every role. Use Docker EE 18.09 and UCP version 3.1.5.

UCP Manager

  1. Install Docker EE.
  2. Install UCP and set up this node as a UCP manager.
  3. Upload your Docker EE license file.

DTR Worker

  1. Install Docker EE.
  2. Add this node as a UCP worker to the cluster.
  3. Set up DTR on this node.


  1. Install Docker EE.
  2. Add this node as a UCP worker to the cluster.

If you get stuck, remember you can review the solution video or the instructions under each objective. Good luck!

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?