docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve DDC urls for readability

This commit is contained in:
Joao Fernandes 2016-11-09 16:13:31 -08:00
parent c0974ef2a6
commit 4391ce38f1
21 changed files with 407 additions and 511 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
_data/toc.yaml
View File

@ -633,13 +633,13 @@ toc:
section:
- sectiontitle: Universal Control Plane 2.0
section:
- path: /datacenter/ucp/2.0/overview/
- path: /datacenter/ucp/2.0/
title: Universal Control Plane overview
- path: /datacenter/ucp/2.0/architecture/
title: Architecture
- sectiontitle: Installation
section:
- path: /datacenter/ucp/2.0/installation/system-requirements/
- path: /datacenter/ucp/2.0/installation/
title: System requirements
- path: /datacenter/ucp/2.0/installation/plan-production-install/
title: Plan a production installation
@ -685,13 +685,13 @@ toc:
title: upgrade
- sectiontitle: Access UCP
section:
- path: /datacenter/ucp/2.0/access-ucp/web-based-access/
- path: /datacenter/ucp/2.0/access-ucp/
title: Web-based access
- path: /datacenter/ucp/2.0/access-ucp/cli-based-access/
title: CLI-based access
- sectiontitle: Configuration
section:
- path: /datacenter/ucp/2.0/configuration/use-externally-signed-certs/
- path: /datacenter/ucp/2.0/configuration/
title: Use externally-signed certificates
- path: /datacenter/ucp/2.0/configuration/configure-logs/
title: Configure UCP logging
@ -703,7 +703,7 @@ toc:
title: Route hostnames to services
- sectiontitle: Monitor and troubleshoot
section:
- path: /datacenter/ucp/2.0/monitor/monitor-ucp/
- path: /datacenter/ucp/2.0/monitor/
title: Monitor your cluster
- path: /datacenter/ucp/2.0/monitor/troubleshoot-ucp/
title: Troubleshoot your cluster
@ -711,13 +711,13 @@ toc:
title: Troubleshoot cluster configurations
- sectiontitle: High-availability
section:
- path: /datacenter/ucp/2.0/high-availability/set-up-high-availability/
- path: /datacenter/ucp/2.0/high-availability/
title: Set up high availability
- path: /datacenter/ucp/2.0/high-availability/backups-and-disaster-recovery/
title: Backups and disaster recovery
- sectiontitle: User management
section:
- path: /datacenter/ucp/2.0/user-management/authentication-and-authorization/
- path: /datacenter/ucp/2.0/user-management/
title: Authentication and authorization
- path: /datacenter/ucp/2.0/user-management/create-and-manage-users/
title: Create and manage users
@ -727,10 +727,16 @@ toc:
title: Permission levels
- sectiontitle: Applications
section:
- path: /datacenter/ucp/2.0/applications/deploy-app-ui/
- path: /datacenter/ucp/2.0/applications/
title: Deploy an app from the UI
- path: /datacenter/ucp/2.0/applications/deploy-app-cli/
title: Deploy an app from the CLI
- sectiontitle: Content trust
section:
- path: /datacenter/ucp/2.0/content-trust/
title: Run only images you trust
- path: /datacenter/ucp/2.0/content-trust/manage-trusted-repositories/
title: Manage trusted repositories
- path: /datacenter/ucp/2.0/support/
title: Get support
- path: /datacenter/ucp/2.0/release-notes/
@ -747,7 +753,7 @@ toc:
title: System requirements
- path: /datacenter/dtr/2.1/install/
title: Install Docker Trusted Registry
- path: /datacenter/dtr/2.1/install/install-dtr-offline/
- path: /datacenter/dtr/2.1/install/install-offline/
title: Install offline
- path: /datacenter/dtr/2.1/install/license/
title: License your deployment
@ -781,7 +787,7 @@ toc:
section:
- path: /datacenter/dtr/2.1/configure/
title: Use your own certificates
- path: /datacenter/dtr/2.1/configure/storage-configuration/
- path: /datacenter/dtr/2.1/configure/configure-storage/
title: Storage configuration
- sectiontitle: Monitor and troubleshoot
section:

BIN
datacenter/dtr/2.1/assets/gc1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 25 KiB

BIN
datacenter/dtr/2.1/assets/gc3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
datacenter/dtr/2.1/assets/repo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 73 KiB

0
datacenter/dtr/2.1/configure/storage-configuration.md → datacenter/dtr/2.1/configure/configure-storage.md
View File

0
datacenter/dtr/2.1/install/install-dtr-offline.md → datacenter/dtr/2.1/install/install-offline.md
View File

26
datacenter/ucp/2.0/access-ucp/index.md
View File

@ -1,12 +1,24 @@
---
title: Access UCP
description: Learn how to access Docker Universal Control Plane from the web and the
CLI.
title: Web-based access
description: Learn how to access Docker Universal Control Plane from the web browser.
keywords:
- docker, ucp, cli
- docker, ucp, web, administration
---
This section includes the following topics:
Docker Universal Control Plane allows you to manage your cluster in a visual
way, from your browser.
* [Web-based access](web-based-access.md)
* [CLI-based access](cli-based-access.md)
![](../images/overview-1.png)
Docker UCP secures your cluster with role-based access control. From the
browser, Administrators can:
* Manage cluster configurations,
* Manage the permissions of users and teams,
* See all images, networks, volumes, and containers.
![](../images/overview-3.png)
Non-admin users can only see and change the images, networks, volumes, and
containers, they are granted access.

24
datacenter/ucp/2.0/access-ucp/web-based-access.md
View File

@ -1,24 +0,0 @@
---
title: Web-based access
description: Learn how to access Docker Universal Control Plane from the web browser.
keywords:
- docker, ucp, web, administration
---
Docker Universal Control Plane allows you to manage your cluster in a visual
way, from your browser.
![](../images/overview-1.png)
Docker UCP secures your cluster with role-based access control. From the
browser, Administrators can:
* Manage cluster configurations,
* Manage the permissions of users and teams,
* See all images, networks, volumes, and containers.
![](../images/overview-3.png)
Non-admin users can only see and change the images, networks, volumes, and
containers, they are granted access.

88
datacenter/ucp/2.0/applications/deploy-app-ui.md
View File

@ -1,88 +0,0 @@
---
title: Deploy an app from the UI
description: Learn how to deploy containerized applications on a cluster, with Docker
Universal Control Plane.
keywords:
- ucp, deploy, application
---
With Docker Universal Control Plane you can deploy applications from the
UI. You can define your application on the UI, or import an existing
docker-compose.yml file.
In this example, we're going to deploy a WordPress application.
## Deploy WordPress
On your browser, **log in** to UCP, and navigate to the **Applications** page.
There, click the **Compose Application** button, to deploy a new application.
![](../images/deploy-app-ui-1.png)
The WordPress application we're going to deploy is composed of two services:
* wordpress: The container that runs Apache, PHP, and WordPress.
* db: A MariaDB database used for data persistence.
<!-- would be better if this was a docker-compose v2 file-->
```yml
wordpress:
image: wordpress
links:
- db:mysql
ports:
- 8080:80
db:
image: mariadb
environment:
MYSQL_ROOT_PASSWORD: example
```
Copy-paste the application definition to UCP, and name it 'wordpress'.
You can also upload a docker-compose.yml file from your machine, by clicking on
the 'Upload an existing docker-compose.yml' link.
![](../images/deploy-app-ui-2.png)
Click the **Create** button, to create the WordPress application.
Once UCP deploys the WordPress application, you can
**click on the wordpress_wordpress_1** container, to see its details.
![](../images/deploy-app-ui-3.png)
In the container details page, search for the **Ports** the container is
exposing.
![](../images/deploy-app-ui-4.png)
In this example, WordPress can be accessed at `192.168.99.106:8080`.
Navigate to this address in your browser, to start using the WordPress app you
just deployed.
![](../images/deploy-app-ui-5.png)
## Limitations
There are some limitations when deploying application on the UI. You can't
reference any external files, so the following Docker Compose keywords are not
supported:
* build
* dockerfile
* env_file
![](../images/deploy-app-ui-6.png)
To overcome these limitations, you can
[deploy your apps from the CLI](deploy-app-cli.md).
Also, UCP doesn't store the compose file used to deploy the application. You can
use your version control system to persist that file.
## Where to go next
* [Deploy an app from the CLI](deploy-app-cli.md)

87
datacenter/ucp/2.0/applications/index.md
View File

@ -1,11 +1,88 @@
---
title: UCP applications
description: Learn how to manage applications on Docker Universal Control Plane.
title: Deploy an app from the UI
description: Learn how to deploy containerized applications on a cluster, with Docker
Universal Control Plane.
keywords:
- docker, ucp, apps, management
- ucp, deploy, application
---
This section includes the following topics:
With Docker Universal Control Plane you can deploy applications from the
UI. You can define your application on the UI, or import an existing
docker-compose.yml file.
In this example, we're going to deploy a WordPress application.
## Deploy WordPress
On your browser, **log in** to UCP, and navigate to the **Applications** page.
There, click the **Compose Application** button, to deploy a new application.
![](../images/deploy-app-ui-1.png)
The WordPress application we're going to deploy is composed of two services:
* wordpress: The container that runs Apache, PHP, and WordPress.
* db: A MariaDB database used for data persistence.
<!-- would be better if this was a docker-compose v2 file-->
```yml
wordpress:
image: wordpress
links:
- db:mysql
ports:
- 8080:80
db:
image: mariadb
environment:
MYSQL_ROOT_PASSWORD: example
```
Copy-paste the application definition to UCP, and name it 'wordpress'.
You can also upload a docker-compose.yml file from your machine, by clicking on
the 'Upload an existing docker-compose.yml' link.
![](../images/deploy-app-ui-2.png)
Click the **Create** button, to create the WordPress application.
Once UCP deploys the WordPress application, you can
**click on the wordpress_wordpress_1** container, to see its details.
![](../images/deploy-app-ui-3.png)
In the container details page, search for the **Ports** the container is
exposing.
![](../images/deploy-app-ui-4.png)
In this example, WordPress can be accessed at `192.168.99.106:8080`.
Navigate to this address in your browser, to start using the WordPress app you
just deployed.
![](../images/deploy-app-ui-5.png)
## Limitations
There are some limitations when deploying application on the UI. You can't
reference any external files, so the following Docker Compose keywords are not
supported:
* build
* dockerfile
* env_file
![](../images/deploy-app-ui-6.png)
To overcome these limitations, you can
[deploy your apps from the CLI](deploy-app-cli.md).
Also, UCP doesn't store the compose file used to deploy the application. You can
use your version control system to persist that file.
## Where to go next
* [Deploy an app from the UI](deploy-app-ui.md)
* [Deploy an app from the CLI](deploy-app-cli.md)

49
datacenter/ucp/2.0/configuration/index.md
View File

@ -1,12 +1,47 @@
---
title: UCP configuration
description: Learn how to configure Docker Universal Control Plane on production.
title: Use externally-signed certificates
description: Learn how to configure Docker Universal Control Plane to use your own
certificates.
keywords:
- docker, ucp, install, configuration
- Universal Control Plane, UCP, certificate, authentiation, tls
---
This section includes the following topics:
By default the UCP web UI is exposed using HTTPS, to ensure all
communications between clients and the cluster are encrypted. Since UCP
controllers use self-signed certificates for this, when a client accesses
UCP their browsers won't trust this certificate, so the browser displays a
warning message.
* [Integrate with Docker Trusted Registry](dtr-integration.md)
* [Configure UCP logging](configure-logs.md)
* [Route hostnames to services](route-hostnames.md)
You can configure UCP to use your own certificates, so that it is automatically
trusted by your users' browser and client tools.
To ensure minimal impact to your business, you should plan for this change to
happen outside business peak hours. Your applications will continue
running normally, but UCP will be unresponsive while the controller containers
are restarted.
## Replace the server certificates
To configure UCP to use your own certificates and keys, go to the
**UCP web UI**, navigate to the **Admin Settings** page,
and click **Certificates**.
![](../images/use-externally-signed-certs-1.png)
Upload your certificates and keys:
* A ca.pem file with the root CA public certificate.
* A cert.pem file with the server certificate and any intermediate CA public
certificates. This certificate should also have SANs for all addresses used to
reach the UCP controller, including load balancers.
* A key.pem file with server private key.
Finally, click **Update** for the changes to take effect.
After replacing the certificates your users won't be able to authenticate
with their old client certificate bundles. Ask your users to go to the UCP
web UI and [get new client certificate bundles](../access-ucp/cli-based-access.md).
## Where to go next
* [Access UCP from the CLI](../access-ucp/cli-based-access.md)

47
datacenter/ucp/2.0/configuration/use-externally-signed-certs.md
View File

@ -1,47 +0,0 @@
---
title: Use externally-signed certificates
description: Learn how to configure Docker Universal Control Plane to use your own
certificates.
keywords:
- Universal Control Plane, UCP, certificate, authentiation, tls
---
By default the UCP web UI is exposed using HTTPS, to ensure all
communications between clients and the cluster are encrypted. Since UCP
controllers use self-signed certificates for this, when a client accesses
UCP their browsers won't trust this certificate, so the browser displays a
warning message.
You can configure UCP to use your own certificates, so that it is automatically
trusted by your users' browser and client tools.
To ensure minimal impact to your business, you should plan for this change to
happen outside business peak hours. Your applications will continue
running normally, but UCP will be unresponsive while the controller containers
are restarted.
## Replace the server certificates
To configure UCP to use your own certificates and keys, go to the
**UCP web UI**, navigate to the **Admin Settings** page,
and click **Certificates**.
![](../images/use-externally-signed-certs-1.png)
Upload your certificates and keys:
* A ca.pem file with the root CA public certificate.
* A cert.pem file with the server certificate and any intermediate CA public
certificates. This certificate should also have SANs for all addresses used to
reach the UCP controller, including load balancers.
* A key.pem file with server private key.
Finally, click **Update** for the changes to take effect.
After replacing the certificates your users won't be able to authenticate
with their old client certificate bundles. Ask your users to go to the UCP
web UI and [get new client certificate bundles](../access-ucp/cli-based-access.md).
## Where to go next
* [Access UCP from the CLI](../access-ucp/cli-based-access.md)

62
datacenter/ucp/2.0/high-availability/index.md
View File

@ -1,11 +1,61 @@
---
title: Configure UCP for high availability
description: Learn how to set up Docker Universal Control Plane for high availability.
title: Set up high availability
description: Docker Universal Control plane has support for high availability. Learn
how to set up your installation to ensure it tolerates failures.
keywords:
- docker, ucp, high-availability, backup, recovery
- docker, ucp, high-availability, replica
---
This section includes the following topics:
Docker Universal Control Plane is designed for high availability (HA). You can
join multiple manager nodes to the cluster, so that if one manager node fails,
another can automatically take its place without impact to the cluster.
* [Set up high availability](set-up-high-availability.md)
* [Backups and disaster recovery](backups-and-disaster-recovery.md)
Having multiple manager nodes in your cluster, allows you to:
* Handle manager node failures,
* Load-balance user requests across all manager nodes.
## Size your deployment
To make the cluster tolerant to more failures, add additional replica nodes to
your cluster.
| Manager nodes | Failures tolerated |
|:-------------:|:------------------:|
| 1 | 0 |
| 3 | 1 |
| 5 | 2 |
| 7 | 3 |
For production-grade deployments, follow these rules of thumb:
* When a manager node fails, the number of failures tolerated by your cluster
decreases. Don't leave that node offline for too long.
* You should distribute your manager nodes across different availability zones.
This way your cluster can continue working even if an entire availability zone
goes down.
* Adding many manager nodes to the cluster might lead to performance
degradation, as changes to configurations need to be replicated across all
manager nodes. The maximum advisable is having 7 manager nodes.
After provisioning the new nodes, you can
[add them to the cluster](../installation/scale-your-cluster.md).
## Load-balancing on UCP
Docker UCP does not include a load balancer. You can configure your own
load balancer to balance user requests across all manager nodes.
[Learn more about the UCP reference architecture](https://www.docker.com/sites/default/files/RA_UCP%20Load%20Balancing-Feb%202016_0.pdf).
Since Docker UCP uses mutual TLS, make sure you configure your load balancer to:
* Load-balance TCP traffic on port 443,
* Not terminate HTTPS connections,
* Use the `/_ping` endpoint on each manager node, to check if the node
is healthy and if it should remain on the load balancing pool or not.
## Where to go next
* [UCP architecture](../architecture.md)
* [Scale your cluster](../installation/scale-your-cluster.md)

61
datacenter/ucp/2.0/high-availability/set-up-high-availability.md
View File

@ -1,61 +0,0 @@
---
title: Set up high availability
description: Docker Universal Control plane has support for high availability. Learn
how to set up your installation to ensure it tolerates failures.
keywords:
- docker, ucp, high-availability, replica
---
Docker Universal Control Plane is designed for high availability (HA). You can
join multiple manager nodes to the cluster, so that if one manager node fails,
another can automatically take its place without impact to the cluster.
Having multiple manager nodes in your cluster, allows you to:
* Handle manager node failures,
* Load-balance user requests across all manager nodes.
## Size your deployment
To make the cluster tolerant to more failures, add additional replica nodes to
your cluster.
| Manager nodes | Failures tolerated |
|:-------------:|:------------------:|
| 1 | 0 |
| 3 | 1 |
| 5 | 2 |
| 7 | 3 |
For production-grade deployments, follow these rules of thumb:
* When a manager node fails, the number of failures tolerated by your cluster
decreases. Don't leave that node offline for too long.
* You should distribute your manager nodes across different availability zones.
This way your cluster can continue working even if an entire availability zone
goes down.
* Adding many manager nodes to the cluster might lead to performance
degradation, as changes to configurations need to be replicated across all
manager nodes. The maximum advisable is having 7 manager nodes.
After provisioning the new nodes, you can
[add them to the cluster](../installation/scale-your-cluster.md).
## Load-balancing on UCP
Docker UCP does not include a load balancer. You can configure your own
load balancer to balance user requests across all manager nodes.
[Learn more about the UCP reference architecture](https://www.docker.com/sites/default/files/RA_UCP%20Load%20Balancing-Feb%202016_0.pdf).
Since Docker UCP uses mutual TLS, make sure you configure your load balancer to:
* Load-balance TCP traffic on port 443,
* Not terminate HTTPS connections,
* Use the `/_ping` endpoint on each manager node, to check if the node
is healthy and if it should remain on the load balancing pool or not.
## Where to go next
* [UCP architecture](../architecture.md)
* [Scale your cluster](../installation/scale-your-cluster.md)

73
datacenter/ucp/2.0/index.md
View File

@ -1,23 +1,68 @@
---
title: Docker Universal Control Plane
description: Docker Universal Control Plane
title: Universal Control Plane overview
description: Learn about Docker Universal Control Plane, the enterprise-grade cluster
management solution from Docker.
keywords:
- universal, control, plane, ucp
- docker, ucp, overview, orchestration, clustering
---
Docker Universal Control Plane (UCP) is the enterprise-grade cluster management
solution from Docker. You install it behind your firewall, and it helps you
manage your whole cluster from a single place.
The UCP documentation includes the following topics:
![](images/overview-1.png)
* [Universal Control Plane overview](overview.md)
* [Architecture](architecture.md)
* [Installation](installation/system-requirements.md)
* [Access UCP](access-ucp/web-based-access.md)
* [Configuration](configuration/dtr-integration.md)
* [Monitor and troubleshoot](monitor/monitor-ucp.md)
* [High availability](high-availability/set-up-high-availability.md)
* [User management](user-management/authentication-and-authorization.md)
* [Applications](applications/deploy-app-ui.md)
* [Release notes](release-notes.md)
## Centralized cluster management
Docker UCP can be installed on-premises, or on a virtual private cloud.
And with it, you can manage thousands of nodes as if they were a single one.
You can monitor and manage your cluster using a graphical UI.
![](images/overview-2.png)
Since UCP exposes the standard Docker API, you can continue using the tools
you already know, to manage a whole cluster.
As an example, you can use the `docker info` command to check the
status of the cluster:
```bash
$ docker info
Containers: 30
Images: 24
Server Version: swarm/1.1.3
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
ucp: 192.168.99.103:12376
└ Status: Healthy
└ Containers: 20
ucp-replica: 192.168.99.102:12376
└ Status: Healthy
└ Containers: 10
```
## Deploy, manage, and monitor
With Docker UCP you can manage the nodes of your infrastructure. You can also
manage apps, containers, networks, images, and volumes, in a transparent way.
## Built-in security and access control
Docker UCP has its own built-in authentication mechanism, and supports LDAP
and Active Directory. It also supports Role Based Access Control (RBAC).
This ensures that only authorized users can access and make changes to cluster.
![](images/overview-3.png)
Docker UCP also integrates with Docker Trusted Registry and Docker Content
Trust. This allows you to keep your images stored behind your firewall,
where they are safe. It also allows you to sign those images to ensure that
the images you deploy have not been altered in any way.
## Where to go next
* [UCP architecture](architecture.md)
* [Install UCP](installation/install-production.md)

64
datacenter/ucp/2.0/installation/index.md
View File

@ -1,16 +1,60 @@
---
title: Install UCP
description: Learn the requirements and procedure to install Docker Universal Control Plane on production.
title: UCP System requirements
description: Learn about the system requirements for installing Docker Universal Control
Plane.
keywords:
- docker, ucp, install, requirements
- docker, ucp, architecture, requirements
---
This section includes the following topics:
Docker Universal Control Plane can be installed on-premises or on the cloud.
Before installing, be sure your infrastructure has these requirements.
* [System requirements](system-requirements.md)
## Hardware and software requirements
You can install UCP on-premises or on a cloud provider. To install UCP,
all nodes must have:
* Linux kernel version 3.10 or higher
* CS Docker Engine version 1.12.1 or higher
* 2.00 GB of RAM
* 3.00 GB of available disk space
* A static IP address
For highly-available installations, you also need a way to transfer files
between hosts.
## Ports used
When installing UCP on a host, make sure the following ports are open:
| Hosts | Direction | Port | Purpose |
|:------------------|:---------:|:------------------------|:----------------------------------------------------------------------------------|
| managers, workers | in | TCP 443 (configurable) | Port for the UCP web UI and API |
| managers | in | TCP 2376 (configurable) | Port for the Docker Swarm manager. Used for backwards compatibility |
| managers, workers | in | TCP 2377 (configurable) | Port for communication between swarm nodes |
| managers, workers | in, out | TCP, UDP 4789 | Port for overlay networking |
| managers, workers | in, out | TCP, UDP 7946 | Port for overlay networking |
| managers, workers | in | TCP 12376 | Port for a TLS proxy that provides access to UCP, Docker Engine, and Docker Swarm |
| managers | in | TCP 12379 | Port for internal node configuration, cluster configuration, and HA |
| managers | in | TCP 12380 | Port for internal node configuration, cluster configuration, and HA |
| managers | in | TCP 12381 | Port for the certificate authority |
| managers | in | TCP 12382 | Port for the UCP certificate authority |
| managers | in | TCP 12383 | Port for the authentication storage backend |
| managers | in | TCP 12384 | Port for the authentication storage backend for replication across managers |
| managers | in | TCP 12385 | Port for the authentication service API |
| managers | in | TCP 12386 | Port for the authentication worker |
## Compatibility and maintenance lifecycle
Docker Datacenter is a software subscription that includes 3 products:
* CS Docker Engine,
* Docker Trusted Registry,
* Docker Universal Control Plane.
[Learn more about the maintenance lifecycle for these products](http://success.docker.com/Get_Help/Compatibility_Matrix_and_Maintenance_Lifecycle).
## Where to go next
* [UCP architecture](../architecture.md)
* [Plan a production installation](plan-production-install.md)
* [Install UCP for production](install-production.md)
* [Install offline](install-offline.md)
* [License UCP](license.md)
* [Upgrade to UCP 2.0](upgrade.md)
* [Uninstall UCP](uninstall.md)

60
datacenter/ucp/2.0/installation/system-requirements.md
View File

@ -1,60 +0,0 @@
---
title: UCP System requirements
description: Learn about the system requirements for installing Docker Universal Control
Plane.
keywords:
- docker, ucp, architecture, requirements
---
Docker Universal Control Plane can be installed on-premises or on the cloud.
Before installing, be sure your infrastructure has these requirements.
## Hardware and software requirements
You can install UCP on-premises or on a cloud provider. To install UCP,
all nodes must have:
* Linux kernel version 3.10 or higher
* CS Docker Engine version 1.12.1 or higher
* 2.00 GB of RAM
* 3.00 GB of available disk space
* A static IP address
For highly-available installations, you also need a way to transfer files
between hosts.
## Ports used
When installing UCP on a host, make sure the following ports are open:
| Hosts | Direction | Port | Purpose |
|:------------------|:---------:|:------------------------|:----------------------------------------------------------------------------------|
| managers, workers | in | TCP 443 (configurable) | Port for the UCP web UI and API |
| managers | in | TCP 2376 (configurable) | Port for the Docker Swarm manager. Used for backwards compatibility |
| managers, workers | in | TCP 2377 (configurable) | Port for communication between swarm nodes |
| managers, workers | in, out | TCP, UDP 4789 | Port for overlay networking |
| managers, workers | in, out | TCP, UDP 7946 | Port for overlay networking |
| managers, workers | in | TCP 12376 | Port for a TLS proxy that provides access to UCP, Docker Engine, and Docker Swarm |
| managers | in | TCP 12379 | Port for internal node configuration, cluster configuration, and HA |
| managers | in | TCP 12380 | Port for internal node configuration, cluster configuration, and HA |
| managers | in | TCP 12381 | Port for the certificate authority |
| managers | in | TCP 12382 | Port for the UCP certificate authority |
| managers | in | TCP 12383 | Port for the authentication storage backend |
| managers | in | TCP 12384 | Port for the authentication storage backend for replication across managers |
| managers | in | TCP 12385 | Port for the authentication service API |
| managers | in | TCP 12386 | Port for the authentication worker |
## Compatibility and maintenance lifecycle
Docker Datacenter is a software subscription that includes 3 products:
* CS Docker Engine,
* Docker Trusted Registry,
* Docker Universal Control Plane.
[Learn more about the maintenance lifecycle for these products](http://success.docker.com/Get_Help/Compatibility_Matrix_and_Maintenance_Lifecycle).
## Where to go next
* [UCP architecture](../architecture.md)
* [Plan a production installation](plan-production-install.md)

85
datacenter/ucp/2.0/monitor/index.md
View File

@ -1,12 +1,85 @@
---
title: Monitor and troubleshoot UCP
description: Manage, monitor, troubleshoot
title: Monitor your cluster
description: Monitor your Docker Universal Control Plane installation, and learn how
to troubleshoot it.
keywords:
- manage, monitor, troubleshoot
- Docker, UCP, troubleshoot
---
This section includes the following topics:
This article gives you an overview of how to monitor your Docker UCP
cluster. Here you'll also find the information you need to troubleshoot
if something goes wrong.
## Check the cluster status from the UI
To monitor your UCP cluster, the first thing to check is the **Nodes**
screen on the UCP web app.
![UCP dashboard](../images/monitor-ucp-1.png)
In the nodes screen you can see if all the nodes in the cluster are healthy, or
if there is any problem.
You can also check the state of individual UCP containers by navigating to the
**Containers** page. By default the Containers screen doesn't display system
containers. On the filter dropdown choose **Show all containers** to see all
the UCP components.
![UCP dashboard](../images/monitor-ucp-2.png)
You can click on a container to see more details like configurations and logs.
## Check the cluster status from the CLI
You can also monitor the status of a UCP cluster, using the Docker CLI client.
1. Get a client certificate bundle.
When using the Docker CLI client you need to authenticate using client
certificates.
[Learn how to use client certificates](../access-ucp/cli-based-access.md).
If your client certificate bundle is for a non-admin user, you won't have
permissions to execute all docker commands, or see all information about
the cluster.
2. Use the `docker info` command to check the cluster status.
```bash
$ docker info
Containers: 11
Nodes: 2
ucp: 192.168.99.100:12376
└ Status: Healthy
ucp-node: 192.168.99.101:12376
└ Status: Healthy
Cluster Managers: 1
192.168.99.104: Healthy
└ Orca Controller: https://192.168.99.100:443
└ Swarm Manager: tcp://192.168.99.100:3376
└ KV: etcd://192.168.99.100:12379
```
3. Check the container logs
With an admin user certificate bundle, you can run docker commands directly
on the Docker Engine or Swarm Manager of a node. In this example, we are
connecting directly to the Docker Engine running on the UCP controller, and
requesting the logs of the ucp-kv container.
```bash
$ docker -H tcp://192.168.99.101:12376 logs ucp-kv
2016-04-18 22:40:51.553912 I | etcdserver: start to snapshot (applied: 40004, lastsnap: 30003)
2016-04-18 22:40:51.561682 I | etcdserver: saved snapshot at index 40004
2016-04-18 22:40:51.561927 I | etcdserver: compacted raft log at 35004
```
## Where to go next
* [Monitor your cluster](monitor-ucp.md)
* [Troubleshoot your cluster](troubleshoot-ucp.md)
* [Troubleshoot cluster configurations](troubleshoot-configurations.md)
* [Get support](../support.md)

85
datacenter/ucp/2.0/monitor/monitor-ucp.md
View File

@ -1,85 +0,0 @@
---
title: Monitor your cluster
description: Monitor your Docker Universal Control Plane installation, and learn how
to troubleshoot it.
keywords:
- Docker, UCP, troubleshoot
---
This article gives you an overview of how to monitor your Docker UCP
cluster. Here you'll also find the information you need to troubleshoot
if something goes wrong.
## Check the cluster status from the UI
To monitor your UCP cluster, the first thing to check is the **Nodes**
screen on the UCP web app.
![UCP dashboard](../images/monitor-ucp-1.png)
In the nodes screen you can see if all the nodes in the cluster are healthy, or
if there is any problem.
You can also check the state of individual UCP containers by navigating to the
**Containers** page. By default the Containers screen doesn't display system
containers. On the filter dropdown choose **Show all containers** to see all
the UCP components.
![UCP dashboard](../images/monitor-ucp-2.png)
You can click on a container to see more details like configurations and logs.
## Check the cluster status from the CLI
You can also monitor the status of a UCP cluster, using the Docker CLI client.
1. Get a client certificate bundle.
When using the Docker CLI client you need to authenticate using client
certificates.
[Learn how to use client certificates](../access-ucp/cli-based-access.md).
If your client certificate bundle is for a non-admin user, you won't have
permissions to execute all docker commands, or see all information about
the cluster.
2. Use the `docker info` command to check the cluster status.
```bash
$ docker info
Containers: 11
Nodes: 2
ucp: 192.168.99.100:12376
└ Status: Healthy
ucp-node: 192.168.99.101:12376
└ Status: Healthy
Cluster Managers: 1
192.168.99.104: Healthy
└ Orca Controller: https://192.168.99.100:443
└ Swarm Manager: tcp://192.168.99.100:3376
└ KV: etcd://192.168.99.100:12379
```
3. Check the container logs
With an admin user certificate bundle, you can run docker commands directly
on the Docker Engine or Swarm Manager of a node. In this example, we are
connecting directly to the Docker Engine running on the UCP controller, and
requesting the logs of the ucp-kv container.
```bash
$ docker -H tcp://192.168.99.101:12376 logs ucp-kv
2016-04-18 22:40:51.553912 I | etcdserver: start to snapshot (applied: 40004, lastsnap: 30003)
2016-04-18 22:40:51.561682 I | etcdserver: saved snapshot at index 40004
2016-04-18 22:40:51.561927 I | etcdserver: compacted raft log at 35004
```
## Where to go next
* [Troubleshoot your cluster](troubleshoot-ucp.md)
* [Get support](../support.md)

68
datacenter/ucp/2.0/overview.md
View File

@ -1,68 +0,0 @@
---
title: Universal Control Plane overview
description: Learn about Docker Universal Control Plane, the enterprise-grade cluster
management solution from Docker.
keywords:
- docker, ucp, overview, orchestration, clustering
---
Docker Universal Control Plane (UCP) is the enterprise-grade cluster management
solution from Docker. You install it behind your firewall, and it helps you
manage your whole cluster from a single place.
![](images/overview-1.png)
## Centralized cluster management
Docker UCP can be installed on-premises, or on a virtual private cloud.
And with it, you can manage thousands of nodes as if they were a single one.
You can monitor and manage your cluster using a graphical UI.
![](images/overview-2.png)
Since UCP exposes the standard Docker API, you can continue using the tools
you already know, to manage a whole cluster.
As an example, you can use the `docker info` command to check the
status of the cluster:
```bash
$ docker info
Containers: 30
Images: 24
Server Version: swarm/1.1.3
Role: primary
Strategy: spread
Filters: health, port, dependency, affinity, constraint
Nodes: 2
ucp: 192.168.99.103:12376
└ Status: Healthy
└ Containers: 20
ucp-replica: 192.168.99.102:12376
└ Status: Healthy
└ Containers: 10
```
## Deploy, manage, and monitor
With Docker UCP you can manage the nodes of your infrastructure. You can also
manage apps, containers, networks, images, and volumes, in a transparent way.
## Built-in security and access control
Docker UCP has its own built-in authentication mechanism, and supports LDAP
and Active Directory. It also supports Role Based Access Control (RBAC).
This ensures that only authorized users can access and make changes to cluster.
![](images/overview-3.png)
Docker UCP also integrates with Docker Trusted Registry and Docker Content
Trust. This allows you to keep your images stored behind your firewall,
where they are safe. It also allows you to sign those images to ensure that
the images you deploy have not been altered in any way.
## Where to go next
* [UCP architecture](architecture.md)
* [Install UCP](installation/install-production.md)

13
datacenter/ucp/2.0/user-management/index.md
View File

@ -1,13 +0,0 @@
---
title: Manage users in UCP
description: Learn how to manage user permissions on Docker Universal Control Plane.
keywords:
- docker, ucp, management, security, users
---
This section includes the following topics:
* [Authentication and authorization](authentication-and-authorization.md)
* [Create and manage users](create-and-manage-users.md)
* [Create and manage teams](create-and-manage-teams.md)
* [Permission levels](permission-levels.md)