We sell a system to industrial customers which includes a PC with an NVidia graphics card running Linux and software which runs on it.
The customers need to be able to update the software to new versions themselves.
I was planning to write code to serve a web page to our customers which lists available versions and lets them download and install new versions. But Docker or Docker Enterprise or Docker Engine seem to implement a lot of this type of thing. Can I use something from Docker to make this work? What parts will I need to write myself?
I haven’t used Docker much in the past, so I’m not that familiar with the ecosystem. Since our software does not run in the cloud, it runs effectively on customer machines, it’s not clear to me how much of the Docker infrastructure is appropriate.
Depends on the type of application. I am assuming you want to provide a UI-application?
If so, I am confident that your update mechanism in mind should have a UI as well and is ment to be used from end users.
Your installer/setup should provide settings for each customization in mind, ports to map and folders to map into the container. Instead of creating processes that execute command line commands, you should use the docker-rest api.
Your UI updater needs to do severall things:
use the docker.sock or TCP port to instruct the docker engine (the API is well documentet)
depending on whether your tags will be immutable or not, you can either check if there are newer tags available on Dockerhub (or your own private registry) and notify the user for an update beeing available.
if your tags are mutable, you need to compare the sha256 fingerprint of the current image+tag with the remote image+tag. If they don’t match notify the user…
Your update mechanism should pull the new image, stop and delete the running container, the create a new container based on the new image using the same configuration as the previous container.
Watchtower actualy does implement at least the comparison (if you want to query the Docker Engine for the information regarding the current image) , pull and recreation part. Maybe it makes sense to take a look in their code to get a brief understanding on how they did it. Though, it is implemented in go. If the updates should be done automaticly in the background (as in enfcorced), you could actualy do the hole update process using watchtower.
If the application is a server application and your customer has an ops team to update the software, you might even just provide docker-compose.yml’s and update instructions on every release.
So I still need to write the UI that the customer uses to select the version they want to run, but instead of talking to a home-made version server, it would talk to a Docker Registry.
I see there is Docker Hub, and there is Docker Trusted Registry. Apparently Docker Trusted Registry is something we download and run on our own servers. And of course Docker Hub is a service hosted by Docker.
Is there a version where Docker runs the registry on their servers and lets us host our proprietary images there, and only us and our customers can access it?
Docker Hub is the public Registry, though you can create private repositories and permit users to have access on your private repos.
There are severall 3rd party private registry options. Solutions like Nexus3, Artefactory, Gitlab provide a build in registry - if support is required, subscriptions are an option. The official open source repository image realy just does handle images. To add authentication/authorization, you need additional services, like http://port.us.org/.
DTR is the commercial private registry from Docker. It commes with an Enterprise Standard/Advanced license and requires at least a 10 node subscription. We actualy run a full fledged Docker cluster environments for our development (distributed application, not realy microservices) and use DTR as our repository. It is not as polished as DockerHub.
TBH, if no constraint (contract, security constraints, slow internet connection,…) prevent you from using Docker Hub - I would always prefer to use a managed service for a small fee, than sacrifice a baremetal/virtual machine and have to maintain it myself.