centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-04-12 06:19:22 +07:00
Code Issues Packages Projects Releases Wiki Activity

Fixes a bunch of docs maintenance issues

Browse Source 
* Fixes #1963
* Fixes #1530
* Fixes #1710
* Fixes #1532
* Fixes #1517
This commit is contained in:
Joao Fernandes
2016-06-22 13:42:46 -07:00
parent a69141c6cd
commit 82948348a0
8 changed files with 79 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configuration/multi-host-networking.md
View File

@@ -108,7 +108,7 @@ To enable the networking feature, do the following.
1. Log into the host running the UCP controller.
2. Review the `discovery-engine` help.
2. Review the `engine-discovery` help.
```bash
$ docker run --rm docker/ucp engine-discovery --help
@@ -116,7 +116,7 @@ To enable the networking feature, do the following.
3. Leave the UCP processes running.
4. Run the `discovery-engine` command.
4. Run the `engine-discovery` command.
The command syntax is:

BIN
images/license-ucp-1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 141 KiB

After

Width:  |  Height:  |  Size: 169 KiB

66
installation/install-production.md
View File

@@ -42,7 +42,7 @@ If the volumes don't exist, when installing UCP they are created with the
default volume driver and flags.
## Step 4: Customize the CA used
## Step 4: Customize the server certificates
The UCP cluster uses TLS to secure all communications. Two Certificate
Authorities (CA) are used for this:
@@ -128,24 +128,25 @@ Now that your UCP controller is installed, you need to license it.
For an highly available installation, you can add more controller nodes to
the UCP cluster. The controller nodes are replicas of each other.
[Learn more about high-availability](../high-availability/set-up-high-availability.md).
For this, you need to make the CAs on each controller node use the same
root certificates and keys.
[Learn how to replicate the CAs for high availability](../high-availability/replicate-cas.md).
This requires creating a backup of the controller for the purposes of
replicating the root CA. Your backup command might look like this:
To create a backup of the CAs used on the controller node:
```bash
$ docker run --rm -i --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp backup --root-ca-only --interactive \
--passphrase "secret" > /tmp/backup.tar
```
1. Log into the controller node using ssh.
2. Run the docker/ucp backup command.
`--passphrase` encrypts the backup with the provided passphrase; this is
optional but recommended for security purposes.
```bash
$ docker run --rm -i --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp backup \
--interactive \
--root-ca-only \
--passphrase "secret" > /tmp/backup.tar
```
[Learn more about the backup command](../high-availability/replicate-cas.md).
## Step 8: Add controller replicas to the UCP cluster
@@ -172,25 +173,52 @@ For each node that you want to install as a controller replica:
$ docker run --rm -it --name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $BACKUP_PATH/backup.tar:/backup.tar \
docker/ucp join -i --replica
docker/ucp join \
--interactive \
--replica \
--passphrase "secret"
```
3. Since UCP configures your Docker Engine for multi-host networking, it might
4. Since UCP configures your Docker Engine for multi-host networking, it might
prompt you to restart the Docker daemon. To make the installation faster, join
all replica nodes first, and only then restart the Docker daemon on those nodes.
4. Repeat steps 1 and 2 on the other nodes you want to set up as replicas.
5. Repeat steps 1 and 2 on the other nodes you want to set up as replicas.
Make sure you set up 3, 5, or 7 controllers.
5. Check the cluster state.
6. Check the cluster state.
The Dashboard page of UCP should list all your controller nodes.
![UCP nodes page](../images/replica-nodes.png)
## Step 9: Ensure controllers know about each other
## Step 9: Add more nodes to the UCP cluster
Internally, each controller node has a key-value store that keeps track of
the controllers that are part of the cluster.
When you installed and joined replica controllers, the Docker daemon on that
host was configured to use that key-value store.
To make the cluster fault-tolerant and be able to recover faster with less
downtime, you need to configure the Docker daemon on each controller node to
know about the key-value store that is running on the other nodes.
For each controller node:
1. Log into that node using ssh.
2. Run the engine-discovery command.
```bash
$ docker run --rm -it \
--name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp engine-discovery \
--update
```
## Step 10: Add more nodes to the UCP cluster
Now you can add additional nodes to your UCP cluster. These are the nodes that
will be running your containers.
@@ -215,7 +243,7 @@ For each node that you want to add to your UCP cluster:
![UCP nodes page](../images/nodes-page.png)
## Step 10. Download a client certificate bundle
## Step 11. Download a client certificate bundle
To validate that your cluster is correctly configured, you should try accessing
the cluster with the Docker CLI client. For this, you'll need to get a client

10
installation/license.md
View File

@@ -13,14 +13,12 @@ weight=40
# License UCP
After installing Docker Universal Control Plane, you need to license your
installation. If you just want to try UCP, you can
[get a trial license](https://www.docker.com/pricing).
installation. Here's how to do it.
## Download your license
When your license is issued, you can download it on Docker Hub. On Docker Hub,
navigate to your profile settings. Then click the
[Licenses tab](https://hub.docker.com/account/licenses/).
Go to [Docker Store](https://store.docker.com/bundles/docker-datacenter) and
download your UCP license or get a free trial license.
![](../images/license-ucp-1.png)
@@ -28,7 +26,7 @@ navigate to your profile settings. Then click the
## License your installation
Once you've downloaded the license file, you can apply it to your UCP
installation. On your browser, navigate to UCP, and then go to the **Settings
installation. Navigate to the **UCP web UI**, and then go to the **Settings
page**.
On the **License** page you can upload the new license.

8
installation/system-requirements.md
View File

@@ -40,8 +40,7 @@ When installing UCP on a host, make sure the following ports are open:
| Hosts | Direction | Port | Purpose |
|:-------------------|:---------:|:------------------------|:---------------------------------------------------------------------------|
| controllers | in | TCP 443 (configurable) | Web app and CLI client access to UCP. |
| controller | out | TCP 443 | Send anonymous usage reports to Docker. |
| controllers, nodes | in | TCP 443 (configurable) | Web app and CLI client access to UCP. |
| controllers, nodes | in | TCP 2375 | Heartbeat for nodes, to ensure they are running. |
| controllers | in | TCP 2376 (configurable) | Swarm manager accepts requests from UCP controller. |
| controllers, nodes | in, out | UDP 4789 | Overlay networking. |
@@ -56,11 +55,6 @@ When installing UCP on a host, make sure the following ports are open:
| controller | in | TCP 12385 | The port where the authentication API is exposed. |
| controller | in | TCP 12386 | Used by the authentication worker. |
UCP collects anonymous usage metrics, to help us improve it. These metrics
are entirely anonymous, dont identify your company, users, applications,
or any other sensitive information. You can disable this when installing
or on the UCP settings screen.
## Compatibility and maintenance lifecycle
Docker Datacenter is a software subscription that includes 3 products:

16
installation/upgrade.md
View File

@@ -45,7 +45,7 @@ When you run the upgrade command, it:
3. Stops and removes the old UCP containers.
This doesn't affect other running containers. Also, existing cluster
configurations are not affected, since they are persisted on volumes.
configurations are not affected, since they are persisted in volumes.
4. Deploys the new UCP containers to the node.
@@ -58,7 +58,7 @@ A cluster that is not set for high-availability, has only one controller node,
while a cluster that supports high-availability has multiple controller nodes.
To check the number of controller nodes in your cluster, navigate to the **UCP
web application**, and check the **Nodes** page.
web UI**, and check the **Nodes** page.
![Cluster replicas](../images/multiple-replicas.png)
@@ -86,10 +86,10 @@ replica nodes):
2. Log into the controller node using ssh.
3. Pull the latest docker/ucp image.
3. Pull the docker/ucp image for the version you want to upgrade to.
```bash
$ docker pull docker/ucp
$ docker pull docker/ucp:$UCP_VERSION
```
4. Upgrade the controller node.
@@ -98,7 +98,7 @@ replica nodes):
$ docker run --rm -it \
--name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp upgrade -i
docker/ucp:$UCP_VERSION upgrade -i
# INFO[0000] We're about to upgrade the local components for UCP ID: KRIJ:UEYA:AGTD:6BBO:AHS7:QSPA:ZFAM:X7KW:GNXR:4MWQ:UDPU:MRGR
Do you want proceed with the upgrade? (y/n): y
@@ -167,10 +167,10 @@ If your cluster is set up for high-availability (has several controller nodes):
5. Log into the controller node using ssh.
6. Pull the latest docker/ucp image.
6. Pull the docker/ucp image for the version you want to upgrade to.
```bash
$ docker pull docker/ucp
$ docker pull docker/ucp:$UCP_VERSION
```
7. Upgrade the controller node.
@@ -179,7 +179,7 @@ If your cluster is set up for high-availability (has several controller nodes):
$ docker run --rm -it \
--name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
docker/ucp upgrade -i
docker/ucp:$UCP_VERSION upgrade -i
# INFO[0000] We're about to upgrade the local components for UCP ID: KRIJ:UEYA:AGTD:6BBO:AHS7:QSPA:ZFAM:X7KW:GNXR:4MWQ:UDPU:MRGR
Do you want proceed with the upgrade? (y/n): y

26
monitor/troubleshoot-configurations.md
View File

@@ -32,12 +32,16 @@ You can install these tools on a Ubuntu distribution by running:
$ sudo apt-get update && apt-get install curl jq
```
To access the cluster configurations, run:
1. Use a client bundle to authenticate your requests.
[Learn more](../access-ucp/cli-based-access.md).
2. Use the REST API to access the cluster configurations.
```bash
export KV_URL="https://$(echo $DOCKER_HOST | cut -f3 -d/ | cut -f1 -d:):12379"
# $DOCKER_HOST and $DOCKER_CERT_PATH are set when using the client bundle
$ export KV_URL="https://$(echo $DOCKER_HOST | cut -f3 -d/ | cut -f1 -d:):12379"
curl -s \
$ curl -s \
--cert ${DOCKER_CERT_PATH}/cert.pem \
--key ${DOCKER_CERT_PATH}/key.pem \
--cacert ${DOCKER_CERT_PATH}/ca.pem \
@@ -53,18 +57,12 @@ To learn more about the key-value store API, check the
The containers running the key-value store, include `etcdctl`, a command line
client for etcd. You can run it using the `docker exec` command.
The example below assumes you have the Docker CLI client pointing to the Docker
Engine of a UCP controller. If you are running the example below through UCP,
you should specify the node-specific container name.
These commands assume you are running directly against the Docker Engine in
question. If you are running these commands through UCP, you should specify the
node specific container name.
The examples below assume you are logged in with ssh into a UCP controller node.
### Check the health of the etcd cluster
```bash
docker exec -it ucp-kv etcdctl \
$ docker exec -it ucp-kv etcdctl \
--endpoint https://127.0.0.1:2379 \
--ca-file /etc/docker/ssl/ca.pem \
--cert-file /etc/docker/ssl/cert.pem \
@@ -82,7 +80,7 @@ On failure the command exits with an error code, and no output.
### Show the current value of a key
```bash
docker exec -it ucp-kv etcdctl \
$ docker exec -it ucp-kv etcdctl \
--endpoint https://127.0.0.1:2379 \
--ca-file /etc/docker/ssl/ca.pem \
--cert-file /etc/docker/ssl/cert.pem \
@@ -98,7 +96,7 @@ docker exec -it ucp-kv etcdctl \
### List the current members of the cluster
```bash
docker exec -it ucp-kv etcdctl \
$ docker exec -it ucp-kv etcdctl \
--endpoint https://127.0.0.1:2379 \
--ca-file /etc/docker/ssl/ca.pem \
--cert-file /etc/docker/ssl/cert.pem \
@@ -117,7 +115,7 @@ As long as your cluster is still functional and has not lost quorum
remove the failed members.
```bash
docker exec -it ucp-kv etcdctl \
$ docker exec -it ucp-kv etcdctl \
--endpoint https://127.0.0.1:2379 \
--ca-file /etc/docker/ssl/ca.pem \
--cert-file /etc/docker/ssl/cert.pem \

8
release_notes.md
View File

@@ -24,7 +24,7 @@ upgrade your installation to the latest release.
* Core
* Upgraded Docker Swarm to version 1.2.3.
* An administrator can now reset their password. Use the `docker/ucp-auth
* An administrator can now reset their password. Use the `docker/ucp-auth
passwd` command for this.
* docker/ucp image
@@ -34,7 +34,7 @@ upgrade your installation to the latest release.
the specified election timeout value.
[Learn more](https://coreos.com/etcd/docs/latest/tuning.html)
* It's now possible to skip TLS verification when joining new nodes to the
cluster, using the `docker/ucp join --insecure-fingerprint` option. However, to
cluster, using the `docker/ucp join --insecure-fingerprint` option. However, to
ensure your cluster is secure, don't use this option for normal UCP deployments.
* The restore operation now supports `--interactive, -i` flags, which require a
backup file to be mounted in `/backup.tar` instead of streamed through `stdin`.
@@ -71,7 +71,7 @@ UCP, assuming the same host IP and a correct backup file.
UCP from an older version to 1.1.0.
* Fixed error by which user could get an "access denied" message when deploying
a container from the UI due to cached permission labels.
* Fixed issue where environment variables were not being passed to new containers
* Fixed issue where environment variables were not being passed to new containers
when "Allow users to deploy containers on UCP controllers" setting was disabled.
**Misc**
@@ -92,6 +92,8 @@ when running UCP and DTR on the same nodes, and with high-availability.
* When attempting to restore a v1.1.0 backup on a new cluster installed with
the `fresh-install` flag, the restore operation may fail due to engine-discovery
configuration issues. You should create new backups after upgrading to v1.1.1.
* UCP fails to install in machines where the hostname has more than 41
characters. This will be fixed in a future release.
## Version 1.1.0