Updates installation docs

Joao Fernandes 2016-10-03 13:30:15 -07:00
parent f206a3b9d0
commit 1fdfe678e3
5 changed files with 60 additions and 87 deletions

View File

@ -22,62 +22,64 @@ Universal Control Plane cluster.
When you install DTR on a node, the following containers are started: When you install DTR on a node, the following containers are started:
| Name | Description | | Name | Description |
|:------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------| |:-------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------|
| dtr-nginx-<replica_id> | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host. | | dtr-api-<replica_id> | Executes the DTR business logic. It serves the DTR web application, and API |
| dtr-api-<replica_id> | Executes the DTR business logic. It serves the DTR web application, and API. | | dtr-etcd-<replica_id> | A key-value store for persisting DTR configuration settings |
| dtr-registry-<replica_id> | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. | | dtr-jobrunner-<replica_id> | Runs cleanup jobs in the background |
| dtr-etcd-<replica_id> | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. | | dtr-nginx-<replica_id> | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host |
| dtr-jobrunner-<replica_id> | Runs cleanup jobs in the background. It is not exposed to DTR, and is for internal use only. | | dtr-notary-server-<replica_id> | Receives, validates, and serves content trust metadata, and is consulted when pushing or pulling to DTR with content trust enabled |
| dtr-rethinkdb-<replica_id> | A database for persisting repository metadata. Don't use it in your applications, since it's for internal use only. | | dtr-notary-signer-<replica_id> | Performs server-side timestamp and snapshot signing for content trust metadata |
| dtr-notary-server-<replica_id> | Receives, validates, and serves content trust metadata, and is consulted when pushing or pulling to DTR with content trust enabled. | | dtr-registry-<replica_id> | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored |
| dtr-notary-signer-<replica_id> | Performs server-side timestamp and snapshot signing for content trust metadata. Is not exposed to DTR, and is for internal use only. | | dtr-rethinkdb-<replica_id> | A database for persisting repository metadata |
All these components are for internal use of DTR. Don't use them in your applications.
## Networks ## Networks
To allow containers to communicate, when installing DTR the following networks To allow containers to communicate, when installing DTR the following networks
are created: are created:
| Name | Type | Description | | Name | Type | Description |
|:-------|:--------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |:-------|:--------|:---------------------------------------------------------------------------------------|
| dtr-br | bridge | Allows containers on the same node to communicate with each other in a secure way. | | dtr-br | bridge | Allows DTR components on the same node to communicate with each other in a secure way |
| dtr-ol | overlay | Allows containers running on different nodes to communicate. This network is used in high-availability installations, to allow Etcd and RethinkDB containers to replicate their data. | | dtr-ol | overlay | Allows DTR components running on different nodes to communicate, to replicate DTR data |
The communication between all DTR components is secured using TLS. Also, when
installing DTR, two Certificate Authorities (CAs) are created. These CAs are
used to create the certificates used by Etcd and RethinkDB when communicating
across nodes.
## Volumes ## Volumes
DTR uses these named volumes for persisting data: DTR uses these named volumes for persisting data:
| Volume name | Location on host (/var/lib/docker/volumes/) | Description | | Volume name | Description |
|:--------------------------------|:--------------------------------------------|:-------------------------------------------------------------------------------------------------------------| |:--------------------------------|:---------------------------------------------------------------------------------|
| dtr-ca-<replica_id> | dtr-ca/_data | The volume where the private keys and certificates are stored so that containers can use TLS to communicate. | | dtr-ca-<replica_id> | Root key material for the DTR root CA that issues certificates |
| dtr-etcd-<replica_id> | dtr-etcd/_data | The volume used by etcd to persist DTR configurations. | | dtr-etcd-<replica_id> | DTR configuration data |
| dtr-registry-<replica_id> | dtr-registry/_data | The volume where images are stored, if DTR is configured to store images on the local filesystem. | | dtr-notary-<replica_id> | Certificate and keys for the Notary components |
| dtr-rethink-<replica_id> | dtr-rethink/_data | The volume used by RethinkDB to persist DTR data, like users and repositories. | | dtr-registry-<replica_id> | Docker images data, if DTR is configured to store images on the local filesystem |
| dtr-notary-<replica_id> | dtr-notary/_data | The volume where the Notary private TLS keys and certificates are stored so that the Notary containers can use TLS to communicate. | | dtr-rethink-<replica_id> | Repository metadata |
If you dont create these volumes, when installing DTR they are created with You can customize the volume driver used for these volumes, by creating the
the default volume driver and flags. volumes before installing DTR. During the installation, DTR checks which volumes
don't exist in the node, and creates them using the default volume driver.
By default, the data for these volumes can be found at
`/var/lib/docker/volumes/<volume-name>/_data`.
## Image storage ## Image storage
By default, Docker Trusted Registry stores images on the filesystem of the host By default, Docker Trusted Registry stores images on the filesystem of the node
where it is running. where it is running.
You can also configure DTR to using these cloud storage backends: You can also configure DTR to use these storage backends:
* NFS
* Amazon S3 * Amazon S3
* Cleversafe
* OpenStack Swift * OpenStack Swift
* Microsoft Azure * Microsoft Azure
For highly available installations, configure DTR to use a cloud storage For highly available installations, you should use a cloud storage system
backend or a network filesystem like NFS. instead of an NFS mount, since they usually have better performance.
## High-availability support ## High-availability support
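Review bot: The Networks paragraph that states "The communication between all DTR components is secured using TLS" and describes the two Certificate Authorities has no counterpart on the new side. After this change the only security statement left is "in a secure way" on the dtr-br row, and the dtr-ol row says nothing about how cross-node replication traffic is protected. Keep one sentence on TLS and on which CA issues the Etcd and RethinkDB certificates; the Volumes table still lists dtr-ca as holding root key material, and readers need that context to decide how to protect and back up that volume. Separately, in Image storage the new sentence recommends a cloud storage system "instead of an NFS mount" right after NFS is added to the backend list, and "they" has no clear antecedent. Say whether NFS is supported for high availability or only discouraged.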

Binary file not shown.

View File

@ -18,8 +18,8 @@ weight=20
# Install Docker Trusted Registry # Install Docker Trusted Registry
Docker Trusted Registry (DTR) is a containerized application that runs on a Docker Trusted Registry (DTR) is a containerized application that runs on a
Docker Universal Control Plane (UCP) cluster. It can be installed on-premises swarm managed by Docker Universal Control Plane (UCP). It can be installed
or on a cloud infrastructure. on-premises or on a cloud infrastructure.
Use these instructions to install DTR. Use these instructions to install DTR.
@ -30,10 +30,11 @@ infrastructure has all the [requirements DTR needs to run](system-requirements.m
## Step 2. Install UCP ## Step 2. Install UCP
Since DTR requires a Docker Universal Control Plane (UCP) cluster Since DTR requires Docker Universal Control Plane (UCP)
to run, you need to install UCP first. to run, you need to install UCP on all the nodes where you plan to install DTR.
[Learn how to install UCP](https://docs.docker.com/ucp/installation/install-production/). Make sure that the node you install DTR on is already joined to the UCP cluster. [Learn how to install UCP](https://docs.docker.com/ucp/installation/install-production/).
Make sure all the nodes you plan on installing DTR are being managed by UCP.
## Step 3. Install DTR ## Step 3. Install DTR
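Review bot: Step 2 now states the same requirement twice, first as "you need to install UCP on all the nodes where you plan to install DTR" and again as "Make sure all the nodes you plan on installing DTR are being managed by UCP". Keep one of them. If the second sentence stays, reword it to "all the nodes where you plan to install DTR", since "plan on installing DTR" is missing its preposition.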
@ -44,34 +45,25 @@ To install DTR:
1. Download a UCP client bundle. 1. Download a UCP client bundle.
Having a UCP client bundle allows you to run Docker commands on a UCP Having a UCP client bundle allows you to run Docker commands on a swarm
cluster. being managed by UCP.
[Download a UCP client bundle](https://docs.docker.com/ucp/access-ucp/cli-based-access/) [Download a UCP client bundle](https://docs.docker.com/ucp/access-ucp/cli-based-access/)
and set up your CLI client to use it. and set up your CLI client to use it.
2. Run the following command to install DTR. 2. Run the following commands to install DTR.
```bash ```bash
# Get the certificates used by UCP # Get the certificates used by UCP
$ curl -k https://$UCP_HOST/ca > ucp-ca.pem $ curl -k https://<ucp-url>/ca > ucp-ca.pem
# Install DTR # Install DTR
$ docker run -it --rm \ $ docker run -it --rm \
docker/dtr install \ docker/dtr install \
--ucp-url $UCP_URL \
--ucp-node $NODE_HOSTNAME \
--dtr-external-url $DTR_PUBLIC_IP \
--ucp-username $USER --ucp-password $PASSWORD \
--ucp-ca "$(cat ucp-ca.pem)" --ucp-ca "$(cat ucp-ca.pem)"
``` ```
Where: The install command has other flags for customizing DTR at install time.
Check the [reference documentation to learn more](../reference/install.md).
* ucp-url, is the URL of the UCP controller,
* ucp-node, is the hostname of the UCP node where DTR will be installed,
* dtr-external-url, is the public IP or domain name where DTR can be reached,
* ucp-username, and ucp-password are the credentials of a UCP administrator,
* ucp-ca, is the certificate authority used by UCP.
3. Check that DTR is running. 3. Check that DTR is running.
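Review bot: The edited line `curl -k https://<ucp-url>/ca > ucp-ca.pem` still downloads the CA with certificate verification turned off and then hands that file to --ucp-ca, so whatever answers on that address becomes the trust anchor for the install. Since the line is being changed anyway, add a sentence telling the reader to compare the fingerprint of the downloaded certificate with the one on a UCP node, or to copy the CA from the node over a channel that is already trusted. Also, `<ucp-url>` follows `https://`, so the placeholder is a host name rather than a URL, and a shell treats the unquoted angle brackets as redirections if the line is pasted as is; name it as a host and say it must be substituted. With --ucp-url, --ucp-username and --ucp-password gone from the example and the "Where:" list removed, say where the installer now gets those values, not only that other flags exist.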
@ -113,12 +105,14 @@ This step is optional.
To set up DTR for [high availability](../high-availability/index.md), To set up DTR for [high availability](../high-availability/index.md),
you can add more replicas to your DTR cluster. Adding more replicas allows you you can add more replicas to your DTR cluster. Adding more replicas allows you
to load-balance requests across all replicas, and keep DTR working if a to load-balance requests across all replicas, and keep DTR working if a
replica fails. Each replica must be located on a node already joined to the UCP cluster. replica fails.
For high-availability you should set 3, 5, or 7 DTR replicas. The nodes where
you're going to install these replicas also need to be managed by UCP.
To add replicas to a DTR cluster, use the `docker/dtr join` command. To add To add replicas to a DTR cluster, use the `docker/dtr join` command. To add
replicas: replicas:
1. Load you UCP user bundle. 1. Load you UCP user bundle.
2. Run the join command. 2. Run the join command.
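Review bot: The unchanged step "1. Load you UCP user bundle." has a typo ("you" for "your") and calls the bundle a "user bundle", while the install procedure in this same file calls it a "UCP client bundle". Fix both while this list is being touched so the two procedures use one term. The new sentence "For high-availability you should set 3, 5, or 7 DTR replicas" would read better with "install" in place of "set", matching the wording of the step it replaces.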
@ -131,25 +125,13 @@ replicas:
```bash ```bash
# Get the certificates used by UCP # Get the certificates used by UCP
$ curl -k https://$UCP_HOST/ca > ucp-ca.pem $ curl -k https://<ucp-url>/ca > ucp-ca.pem
$ docker run -it --rm \ $ docker run -it --rm \
docker/dtr join \ docker/dtr join \
--ucp-url $UCP_URL \
--ucp-node $UCP_NODE \
--existing-replica-id $REPLICA_TO_JOIN \
--ucp-username $USER --ucp-password $PASSWORD \
--ucp-ca "$(cat ucp-ca.pem)" --ucp-ca "$(cat ucp-ca.pem)"
``` ```
Where:
* ucp-url, is the URL of the UCP controller,
* ucp-node, is the node on the ucp cluster where the DTR replica will be installed,
* existing-replica-id, is the ID of the DTR replica you want to replicate,
* ucp-username, and ucp-password are the credentials of a UCP administrator,
* ucp-ca, is the certificate used by UCP.
3. Check that all replicas are running. 3. Check that all replicas are running.
In your browser, navigate to the the Docker **Universal Control Plane** In your browser, navigate to the the Docker **Universal Control Plane**
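Review bot: The join example loses --existing-replica-id and the whole "Where:" list, but unlike the install step this hunk adds no pointer to the reference documentation, so nothing tells the reader how the replica to join is selected. Add the same kind of sentence the install step received ("The install command has other flags ...") for `docker/dtr join`. The `curl -k` line carries the same unverified CA download as the install example and should get the same fingerprint check. The context line "navigate to the the Docker" also has a doubled "the".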
@ -158,12 +140,6 @@ replicas:
![](../images/install-dtr-4.png) ![](../images/install-dtr-4.png)
4. Follow steps 1 to 3, to add more replicas to the DTR cluster.
When configuring your DTR cluster for high-availability, you should install
3, 5, or 7 replicas.
[Learn more about high availability](../high-availability/index.md)
## See also ## See also
* [Install DTR offline](install-dtr-offline.md) * [Install DTR offline](install-dtr-offline.md)

View File

@ -42,7 +42,7 @@ copy that package to the nodes where youll install DTR.
3. Login into the host where you transferred the images. 3. Login into the host where you transferred the images.
4. Load the UCP images. 4. Load the images.
Once the package is on the node where you want to install DTR, you can use Once the package is on the node where you want to install DTR, you can use
the `docker load` command, to load the images from the .tar file. the `docker load` command, to load the images from the .tar file.

View File

@ -18,26 +18,21 @@ Before installing, be sure your infrastructure has these requirements.
## Software requirements ## Software requirements
To install DTR on a node, that node node must be part of a Docker Universal You can only install DTR on a node that is being managed by Docker Universal
Control Plane 1.1 cluster. Control Plane 2.0.
## Ports used ## Ports used
When installing DTR on a node, make sure the following ports are open on that When installing DTR on a node, make sure the following ports are open on that
node: node:
| Direction | Port | Purpose | | Direction | Port | Purpose |
|:---------:|:-----|:---------------------------------------------------------------------------------| |:---------:|:-----|:--------------------------------------|
| in | 80 | Web app and API client access to DTR. | | in | 80 | Web app and API client access to DTR. |
| in | 443 | Web app and API client access to DTR. | | in | 443 | Web app and API client access to DTR. |
| out | 443 | Check if new versions are available, and send anonymous usage reports to Docker. |
The inbound ports are configurable. These ports are configurable when installing DTR.
DTR collects anonymous usage metrics, to help us improve it. These metrics
are entirely anonymous, dont identify your company, users, applications,
or any other sensitive information. You can disable this on the DTR settings
page.
## Compatibility and maintenance lifecycle ## Compatibility and maintenance lifecycle
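Review bot: The "out | 443" row and the paragraph on anonymous usage metrics are removed from Ports used with no replacement. If DTR still contacts Docker to check for new versions or to send usage reports, operators who filter egress traffic need that row, and the sentence saying the reporting can be disabled on the DTR settings page should stay. If the behaviour itself was removed, the commit message should say so. "These ports are configurable when installing DTR." also leaves open whether the ports can be changed after installation, which the old "The inbound ports are configurable." did not restrict.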