From 0a9c392f9d941cb8cf177f9aeae7954e261cd4ab Mon Sep 17 00:00:00 2001 From: LRubin Date: Tue, 24 Jan 2017 18:01:38 -0800 Subject: [PATCH] add create swarm doc Signed-off-by: LRubin --- .../cloud-swarm/create-cloud-swarm.md | 49 ++++++++++ docker-cloud/cloud-swarm/link-aws-swarm.md | 96 +++++++++++++++++++ 2 files changed, 145 insertions(+) create mode 100644 docker-cloud/cloud-swarm/create-cloud-swarm.md create mode 100644 docker-cloud/cloud-swarm/link-aws-swarm.md diff --git a/docker-cloud/cloud-swarm/create-cloud-swarm.md b/docker-cloud/cloud-swarm/create-cloud-swarm.md new file mode 100644 index 0000000000..695b069608 --- /dev/null +++ b/docker-cloud/cloud-swarm/create-cloud-swarm.md 
@@ -0,0 +1,49 @@ +--- +description: Create new swarms in Docker Cloud +keywords: swarm mode, swarms, create swarm, Cloud +title: Create a new swarm in Docker Cloud +--- + +Note: All Swarm management features in Docker Cloud are free while in Beta. +{: style="text-align:center" } + +-------- + +You can now create _new_ Docker Swarms from within Docker Cloud as well as +register existing swarms. + +When you create a swarm, Docker Cloud connects to the provider on your behalf, +and uses the provider's APIs and a provider-specific template to launch Docker +instances. The instances are then joined to a swarm and the swarm is configured +using your input. When you access the swarm from Docker Cloud, the system +forwards your commands directly to the Docker instances running in the swarm. + +> **Note**: The Create Swarm functionality is only available for AWS at this time. Additional provider support is coming soon. + +## Create a swarm + +> **Note**: To create a swarm, you need to give Docker Cloud permission to deploy swarm nodes on your behalf in your cloud services provider account. See the [AWS with swarm instructions](link-aws-swarm.md) to learn more. + +1. If necessary, log in to Docker Cloud and switch to Swarm mode. +2. Click Swarms in the top navigation. +3. Click **Create**. +4. Enter a name for the new swarm. +5. Select a connected cloud services provider. + + Additional options appear depending on which provider you select. + +6. Enter any additional provider-specific information, such as region. + + > **Note**: SSH keys are usually tied to a specific region, so be sure you have appropriate SSH keys available on the region you select. + +7. Choose how many swarm managers and swarm worker nodes to deploy. +8. Select the instance sizes for the managers, and for the workers. +9. Select the SSH key to use to connect to the nodes. + + The list contains any SSH keys that your `dockercloud-user` has access to on your linked cloud services provider. + +10. 
Click **Create**. + +Docker Cloud connects to your AWS account, deploys Docker for AWS instances, forms a Swarm, and joins the instances to it. + +> **Note**: At this time, you cannot dissolve swarms or delete swarm nodes from within Docker Cloud - you can only unregister the swarm from the Docker Cloud UI. To delete the swarm and its members, log in to your AWS account and delete them manually. diff --git a/docker-cloud/cloud-swarm/link-aws-swarm.md b/docker-cloud/cloud-swarm/link-aws-swarm.md new file mode 100644 index 0000000000..008fd99086 --- /dev/null +++ b/docker-cloud/cloud-swarm/link-aws-swarm.md 
@@ -0,0 +1,96 @@ +--- +description: Link your Amazon Web Services account +keywords: AWS, Cloud, link +title: Link to Amazon Web Services to create Swarms +--- + +You can create a role with AWS IAM (Identity and Access Management) so that +Docker Cloud can provision and manage swarms on your behalf. + +> **Note**: Your AWS account must support EC2-VPC in order to deploy swarms, and +you must also have an [SSH key in each AWS region](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) +you will deploy swarms in. + +If you used Docker Cloud with AWS to deploy classic Node Clusters, you can add +the new policy to your existing role by following the instructions +[below](#attach-a-policy-for-legacy-aws-links). + +## Create a dockercloud-swarm-role role with an embedded policy +1. Go to the AWS IAM Role creation panel at https://console.aws.amazon.com/iam/home#roles +2. Give the new role a name, such as `dockercloud-swarm-role`. + + > **Note**: You must use one role per Docker Cloud account namespace, so if + you will be using a single AWS account for multiple Docker Cloud accounts, + you should add an identifying namespace to the end of the name. For example, + you might have `dockercloud-swarm-role-moby` and + `dockercloud-swarm-role-teamawesome`. + +3. Select **Role for Cross-Account Access**, and in the submenu that opens select **Allows IAM users from a 3rd party AWS account to access this account**. +4. In the **Account ID** field, enter the ID for the Docker Cloud service: `689684103426`. +5. In the **External ID** field, enter the namespace you will be linking. + + This might be your Docker ID username, or if you are using Organizations in Docker Cloud enter the organization name. + +6. Leave **Require MFA** unchecked. +7. On the next screen, do not select a policy. Click **Next**. + + You will add the policy in a later step. + +8. On the next page click **Create Role**. + + AWS IAM creates the new role and returns you to the **Roles** list. 
+ +9. Click the name of the role you just created to view its details. +10. On the **Permissions** tab, click the carat icon next to **Inline Policies** to expand the section. +11. In the **Inline Policies** section, click the link to create a policy. +12. On the next page, click **Custom Policy** and click **Select**. +13. On the **Policy Editor** page that appears, give the policy a name like `dockercloud-swarm-policy`. +14. In the **Policy Document** section, copy and paste the policy document found in the [Docker for AWS page](/docker-for-aws/iam-permissions/). +15. Click **Create Policy**. +16. Back on the role view, review your entries and copy the full **Role ARN** string. + + The ARN string should look something like `arn:aws:iam::123456789123:role/dockercloud-swarm-role`. You'll use the ARN in the next step. + +## Attach a policy for legacy AWS links + +If you already have your AWS account connected to Docker Cloud and used the legacy node cluster functionality you will need to create and attach a new policy, and re-link your account. + +1. Go to the AWS IAM Roles list at https://console.aws.amazon.com/iam/home#roles. +2. Click your existing version of the `dockercloud-role`. +3. On the **Permissions** tab, click the carat icon next to **Inline Policies** to expand the section. +4. Click the link in the **Inline Policies** section to create a policy. +5. On the next page, click **Custom Policy** and click **Select**. +6. On the **Policy Editor** page that appears, give the policy a name like `dockercloud-swarm-policy`. +7. In the **Policy Document** section, copy and paste the policy document found in the [Docker for AWS page](/docker-for-aws/iam-permissions/). +8. Click **Create Policy**. +9. Select and copy the **Role ARN** on the role screen. + It should't have changed, but you'll use it to re-link your account. + +Because you edited the role's permissions, you need to re-link to your account. 
+Back in Docker Cloud, click the account menu and select **Cloud Settings**, and +in the **Cloud providers** section, click the green plug icon to unlink your AWS +account. + +Then follow the instructions [below](#add-aws-account-credentials-to-docker-cloud) to re-link your account. + +## Add AWS account credentials to Docker Cloud + +Once you've created the a `dockercloud-swarm-policy`, added the +`dockercloud-swarm-role` inline, and have the role's Role ARN, go back to Docker +Cloud to connect the account. + +1. In Docker Cloud, click the account menu at upper right and select **Cloud settings**. +2. In the **Cloud Providers** section, click the plug icon next to Amazon Web Services. +3. Enter the full `Role ARN` for the role you just created. +4. Click **Save**. + +You're now ready to deploy a swarm! + + + +
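Review bot: In create-cloud-swarm.md, step 9 says the key list contains SSH keys that your `dockercloud-user` has access to, but the linking instructions added in this same patch create an IAM role (`dockercloud-swarm-role`), not a user, so the identity named here does not match anything the reader has set up. Suggest naming the linked role instead, or wording it as "the SSH keys available to the linked AWS role in the selected region", which also ties in the region note under step 6. The closing note should also state outright that unregistering a swarm leaves its AWS instances in place until they are deleted in AWS, since that is the practical consequence of the limitation it describes. Minor: "Swarms" in step 2 is not bolded like the other UI labels.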
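Review bot: In link-aws-swarm.md, steps 4 to 6 of "Create a dockercloud-swarm-role role with an embedded policy" set up the cross-account trust (account ID `689684103426`, External ID set to the namespace, **Require MFA** unchecked) without saying what each setting is for. Suggest adding a sentence on how the External ID ties the role to the namespace being linked, and a reason for leaving MFA unchecked, so readers can review the trust relationship they are creating instead of copying it. Step 14 pastes a policy from another page; a line asking readers to review the permissions it grants before clicking **Create Policy** would help. Smaller points: step 16 says "You'll use the ARN in the next step", but the section that follows is the legacy-links one, so link to #add-aws-account-credentials-to-docker-cloud; the last section's "created the a `dockercloud-swarm-policy`, added the `dockercloud-swarm-role` inline" has a stray "the a" and swaps role and policy relative to the steps, where the policy is the inline item; "should't" and "carat" should read "shouldn't" and "caret".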