docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update the architecture docs to reflect the notary and jobrunner containers and volumes. 

Also update the general configuration to indicate that DTR comes with Notary now.

Signed-off-by: cyli <cyli@twistedmatrix.com>
This commit is contained in:
cyli 2016-08-19 13:35:28 -07:00
parent 6323fc172c
commit 0cb33580b2
4 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
architecture.md
View File

@ -22,13 +22,16 @@ Universal Control Plane cluster.
When you install DTR on a node, the following containers are started: When you install DTR on a node, the following containers are started:
| Name | Description | | Name | Description |
|:---------------------------------|:----------------------------------------------------------------------------------------------------------------------------------| |:------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------|
| dtr-nginx-&lt;replica_id&gt; | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host. | | dtr-nginx-&lt;replica_id&gt; | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host. |
| dtr-api-&lt;replica_id&gt; | Executes the DTR business logic. It serves the DTR web application, and API. | | dtr-api-&lt;replica_id&gt; | Executes the DTR business logic. It serves the DTR web application, and API. |
| dtr-registry-&lt;replica_id&gt; | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. | | dtr-registry-&lt;replica_id&gt; | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. |
| dtr-etcd-&lt;replica_id&gt; | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. | | dtr-etcd-&lt;replica_id&gt; | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. |
| dtr-rethinkdb-&lt;replica_id&gt; | A database for persisting repository metadata. Don't use it in your applications, since it's for internal use only. | | dtr-jobrunner-&lt;replica_id&gt; | Runs cleanup jobs in the background. It is not exposed to DTR, and is for internal use only. |
| dtr-rethinkdb-&lt;replica_id&gt; | A database for persisting repository metadata. Don't use it in your applications, since it's for internal use only. |
| dtr-notary-server-&lt;replica_id&gt; | Receives, validates, and serves content trust metadata, and is consulted when pushing or pulling to DTR with content trust enabled. |
| dtr-notary-signer-&lt;replica_id&gt; | Performs server-side timestamp and snapshot signing for content trust metadata. Is not exposed to DTR, and is for internal use only. |
## Networks ## Networks
@ -56,6 +59,7 @@ DTR uses these named volumes for persisting data:
| dtr-etcd-&lt;replica_id&gt; | dtr-etcd/_data | The volume used by etcd to persist DTR configurations. | | dtr-etcd-&lt;replica_id&gt; | dtr-etcd/_data | The volume used by etcd to persist DTR configurations. |
| dtr-registry-&lt;replica_id&gt; | dtr-registry/_data | The volume where images are stored, if DTR is configured to store images on the local filesystem. | | dtr-registry-&lt;replica_id&gt; | dtr-registry/_data | The volume where images are stored, if DTR is configured to store images on the local filesystem. |
| dtr-rethink-&lt;replica_id&gt; | dtr-rethink/_data | The volume used by RethinkDB to persist DTR data, like users and repositories. | | dtr-rethink-&lt;replica_id&gt; | dtr-rethink/_data | The volume used by RethinkDB to persist DTR data, like users and repositories. |
| dtr-notary-&lt;replica_id&gt; | dtr-notary/_data | The volume where the Notary private TLS keys and certificates are stored so that the Notary containers can use TLS to communicate. |
If you dont create these volumes, when installing DTR they are created with If you dont create these volumes, when installing DTR they are created with
the default volume driver and flags. the default volume driver and flags.

8
configure/config-general.md
View File

@ -1,7 +1,7 @@
+++ +++
title = "Configure general settings" title = "Configure general settings"
description = "Configure general settings for Docker Trusted Registry" description = "Configure general settings for Docker Trusted Registry"
keywords = ["docker, documentation, about, technology, understanding, enterprise, hub, general, domain name, HTTP, HTTPS ports, Notary, registry"] keywords = ["docker, documentation, about, technology, understanding, enterprise, hub, general, domain name, HTTP, HTTPS ports, registry"]
[menu.main] [menu.main]
parent="workw_dtr_configure" parent="workw_dtr_configure"
identifier="dtr_configure_general" identifier="dtr_configure_general"
@ -10,7 +10,7 @@ weight=3
# Configure general settings # Configure general settings
This document describes the general settings you need to configure including using Trusted Content through setting up your Notary server. This document describes the general settings you need to configure.
## Configure your domain name and port settings ## Configure your domain name and port settings
@ -33,14 +33,14 @@ for the new domain. This also works with IP addresses.
## Docker Content Trust ## Docker Content Trust
The Trusted Registry's includes integration with of Docker Notary to provide The Trusted Registry integrates with Docker Notary by default to provide
Content Trust functionality, allowing your organization to push and pull Content Trust functionality, allowing your organization to push and pull
trusted images. After pushing images in the Trusted Registry, you can see trusted images. After pushing images in the Trusted Registry, you can see
which image tags were signed by viewing the appropriate repositories through which image tags were signed by viewing the appropriate repositories through
Trusted Registry's web interface. Trusted Registry's web interface.
To configure your Docker client to be able to push signed images to Docker To configure your Docker client to be able to push signed images to Docker
Trusted Registry refer to the CLI Reference's [Environment Variables Trusted Registry, refer to the CLI Reference's [Environment Variables
Section](/engine/reference/commandline/cli.md#environment-variables) and Section](/engine/reference/commandline/cli.md#environment-variables) and
[Notary Section](/engine/reference/commandline/cli.md#notary). [Notary Section](/engine/reference/commandline/cli.md#notary).

2
configure/configuration.md
View File

@ -16,7 +16,7 @@ this overview to see what you can configure.
To start, navigate to the Trusted Registry user interface (UI) > Settings, to To start, navigate to the Trusted Registry user interface (UI) > Settings, to
view configuration options. Configuring is grouped by the following: view configuration options. Configuring is grouped by the following:
* [General settings](config-general.md) (ports, proxies, and Notary) * [General settings](config-general.md) (ports, proxies)
* [Security settings](config-security.md) * [Security settings](config-security.md)
* [Storage settings](config-storage.md) * [Storage settings](config-storage.md)
* [License](../install/license.md) * [License](../install/license.md)

BIN
images/architecture-1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 32 KiB