Setting up the environment¶
If you want to use your own applications for exploring Secure Build, you must register the base images in the remote registry server (Docker Hub or IBM Cloud Container Registry) by using your Docker Hub or IBM Cloud Container Registry user ID and password.
The base images are the default Hyper Protect Virtual Server container images that can be used to host your application code, and include two different types of container images for your development and production environments.
* HpvsopBaseSSH
, which packages the SSH daemon into the default Hyper Protect Virtual Server container image, so that you can log in to the Hyper Protect Virtual Server by using the secure shell and your private key for debugging and development.
* HpvsopBase
, which excludes the SSH daemon on the default Hyper Protect Virtual Server container image, and can be used in the production environment.
In the hosted trial environment, the base images are located at $HOME/hpvs/config/hpvsopbase/images
(HpvsopBase
), and $HOME/hpvs/config/hpvsopbasessh
(HpvsopBaseSSH
).
Before you begin¶
- Check that you have the account ID and password on the remote docker registry server to create repositories for base images. For example,
docker_base_user
is your user ID on the remote docker registry server. - Check that you have installed the GPG command line tool on the x86 or Linux on IBM Z/LinuxONE (i.e., s390x architecture) management server. For more information, see GNU Privacy Guard.
- Check that you have enabled Docker Content Trust (DCT) for your remote docker registry server. For more information, see Content trust in Docker or Setting up your trusted content environment for IBM Container Registry.
export DOCKER_CONTENT_TRUST=1
Procedure¶
Complete the following steps.
-
Create a GitHub account (if you do not already have one) here.
-
Create a Docker Hub account (if you do not already have one) by following the instructions here.
-
Create a Docker access token for Docker Hub access during the trial (you will delete it if after finishing the trial) by following the instructions here.
-
Log in to the remote docker repository.
- For Docker Hub, run the
docker login
command from the$HOME/hpvs_user
directory. For more information, see Docker Login command. - For IBM Cloud Container Registry, run
docker login -u iamapikey -p <iam_api_key> <region>.icr.io
command. For more information, see Using Docker to authenticate with an API key.
- For Docker Hub, run the
-
From the
$HOME/hpvs_user
directory, run the command:docker images
, to check whether the base images are loaded into the local registry successfully.REPOSITORY TAG IMAGE ID CREATED SIZE sys-zaas-team-hpvsop-dev-docker-local.artifactory.\ swg-devops.com/zaas/hyperpvsop-base-image 1.2.5 c6a593192565 3 days ago 1.04GB sys-zaas-team-hpvsop-dev-docker-local.artifactory.\ swg-devops.com/zaas/hyperpvsop-base-ssh-image 1.2.5 a6252e869355 3 days ago 1.04GB
-
Create two repositories in your namespace for both the
hpvsop-base
image and thehpvsop-base-ssh
image on the Docker Hub. For example,docker_base_user/hpvsop-base
anddocker_base_user/hpvsop-base-ssh
. Note that the repository name must match the image name. -
Use the
docker tag
command to tag base images with the same ID used by the CLI tool. Run the following commands from the$HOME/hpvs_user
directory, to tag both base images.docker tag sys-zaas-team-hpvsop-dev-docker-local.artifactory.swg-devops.com/zaas/hyperpvsop-base-image:1.2.5 docker_base_user/hyperpvsop-base-image:1.2.5 docker tag sys-zaas-team-hpvsop-dev-docker-local.artifactory.swg-devops.com/zaas/hyperpvsop-base-ssh-image :1.2.5 docker_base_user/hpvsop-base-ssh-image:1.2.5
-
Run the
docker images
command from the$HOME/hpvs_user
directory, to check whether the tags for the base images are as expected.REPOSITORY TAG IMAGE ID CREATED SIZE ... docker tag sys-zaas-team-hpvsop-dev-docker-local.artifactory.\ swg-devops.com/zaas/hyperpvsop-base-image 1.2.5 c6a593192565 3 days ago 1.04GB docker_base_user/hyperpvsop-base-image 1.2.5 a6252e869355 3 days ago 1.04GB docker tag sys-zaas-team-hpvsop-dev-docker-local.artifactory.\ swg-devops.com/zaas/hyperpvsop-base-ssh-image 1.2.5 c6a593192565 3 days ago 1.04GB docker_base_user/hyperpvsop-base-ssh-image 1.2.5 a6252e869355 3 days ago 1.04GB ...
-
Push the base images to your remote docker repositories. For example:
docker login docker push docker_base_user/hyperpvsop-base-image:1.2.5 docker push docker_base_user/hyperpvsop-base-ssh-image:1.2.5
-
Document the credentials you will use to build your application with the Secure Build container.
- Your Docker Hub ID account used to register the base images. For example,
docker_base_user
- Your Docker Hub ID password. For example,
passw0rd
- Your Docker Hub ID account used to register the base images. For example,