diff --git a/_data/toc.yaml b/_data/toc.yaml index b3d85f8bc8..f4fe02be81 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -633,13 +633,13 @@ toc: section: - sectiontitle: Universal Control Plane 2.0 section: - - path: /datacenter/ucp/2.0/overview/ + - path: /datacenter/ucp/2.0/ title: Universal Control Plane overview - path: /datacenter/ucp/2.0/architecture/ title: Architecture - sectiontitle: Installation section: - - path: /datacenter/ucp/2.0/installation/system-requirements/ + - path: /datacenter/ucp/2.0/installation/ title: System requirements - path: /datacenter/ucp/2.0/installation/plan-production-install/ title: Plan a production installation @@ -685,13 +685,13 @@ toc: title: upgrade - sectiontitle: Access UCP section: - - path: /datacenter/ucp/2.0/access-ucp/web-based-access/ + - path: /datacenter/ucp/2.0/access-ucp/ title: Web-based access - path: /datacenter/ucp/2.0/access-ucp/cli-based-access/ title: CLI-based access - sectiontitle: Configuration section: - - path: /datacenter/ucp/2.0/configuration/use-externally-signed-certs/ + - path: /datacenter/ucp/2.0/configuration/ title: Use externally-signed certificates - path: /datacenter/ucp/2.0/configuration/configure-logs/ title: Configure UCP logging @@ -703,7 +703,7 @@ toc: title: Route hostnames to services - sectiontitle: Monitor and troubleshoot section: - - path: /datacenter/ucp/2.0/monitor/monitor-ucp/ + - path: /datacenter/ucp/2.0/monitor/ title: Monitor your cluster - path: /datacenter/ucp/2.0/monitor/troubleshoot-ucp/ title: Troubleshoot your cluster @@ -711,13 +711,13 @@ toc: title: Troubleshoot cluster configurations - sectiontitle: High-availability section: - - path: /datacenter/ucp/2.0/high-availability/set-up-high-availability/ + - path: /datacenter/ucp/2.0/high-availability/ title: Set up high availability - path: /datacenter/ucp/2.0/high-availability/backups-and-disaster-recovery/ title: Backups and disaster recovery - sectiontitle: User management section: - - path: /datacenter/ucp/2.0/user-management/authentication-and-authorization/ + - path: /datacenter/ucp/2.0/user-management/ title: Authentication and authorization - path: /datacenter/ucp/2.0/user-management/create-and-manage-users/ title: Create and manage users @@ -727,10 +727,16 @@ toc: title: Permission levels - sectiontitle: Applications section: - - path: /datacenter/ucp/2.0/applications/deploy-app-ui/ + - path: /datacenter/ucp/2.0/applications/ title: Deploy an app from the UI - path: /datacenter/ucp/2.0/applications/deploy-app-cli/ title: Deploy an app from the CLI + - sectiontitle: Content trust + section: + - path: /datacenter/ucp/2.0/content-trust/ + title: Run only images you trust + - path: /datacenter/ucp/2.0/content-trust/manage-trusted-repositories/ + title: Manage trusted repositories - path: /datacenter/ucp/2.0/support/ title: Get support - path: /datacenter/ucp/2.0/release-notes/ @@ -747,7 +753,7 @@ toc: title: System requirements - path: /datacenter/dtr/2.1/install/ title: Install Docker Trusted Registry - - path: /datacenter/dtr/2.1/install/install-dtr-offline/ + - path: /datacenter/dtr/2.1/install/install-offline/ title: Install offline - path: /datacenter/dtr/2.1/install/license/ title: License your deployment @@ -781,7 +787,7 @@ toc: section: - path: /datacenter/dtr/2.1/configure/ title: Use your own certificates - - path: /datacenter/dtr/2.1/configure/storage-configuration/ + - path: /datacenter/dtr/2.1/configure/configure-storage/ title: Storage configuration - sectiontitle: Monitor and troubleshoot section: diff --git a/datacenter/dtr/2.1/assets/gc1.png b/datacenter/dtr/2.1/assets/gc1.png deleted file mode 100644 index 2db3446ceb..0000000000 Binary files a/datacenter/dtr/2.1/assets/gc1.png and /dev/null differ diff --git a/datacenter/dtr/2.1/assets/gc3.png b/datacenter/dtr/2.1/assets/gc3.png deleted file mode 100644 index 1832e7f667..0000000000 Binary files a/datacenter/dtr/2.1/assets/gc3.png and /dev/null differ diff --git a/datacenter/dtr/2.1/assets/repo.png b/datacenter/dtr/2.1/assets/repo.png deleted file mode 100644 index 9b08a6bbfc..0000000000 Binary files a/datacenter/dtr/2.1/assets/repo.png and /dev/null differ diff --git a/datacenter/dtr/2.1/configure/storage-configuration.md b/datacenter/dtr/2.1/configure/configure-storage.md similarity index 100% rename from datacenter/dtr/2.1/configure/storage-configuration.md rename to datacenter/dtr/2.1/configure/configure-storage.md diff --git a/datacenter/dtr/2.1/install/install-dtr-offline.md b/datacenter/dtr/2.1/install/install-offline.md similarity index 100% rename from datacenter/dtr/2.1/install/install-dtr-offline.md rename to datacenter/dtr/2.1/install/install-offline.md diff --git a/datacenter/ucp/2.0/access-ucp/index.md b/datacenter/ucp/2.0/access-ucp/index.md index 4ff580e267..90665b797f 100644 --- a/datacenter/ucp/2.0/access-ucp/index.md +++ b/datacenter/ucp/2.0/access-ucp/index.md @@ -1,12 +1,24 @@ --- -title: Access UCP -description: Learn how to access Docker Universal Control Plane from the web and the - CLI. +title: Web-based access +description: Learn how to access Docker Universal Control Plane from the web browser. keywords: -- docker, ucp, cli +- docker, ucp, web, administration --- -This section includes the following topics: +Docker Universal Control Plane allows you to manage your cluster in a visual +way, from your browser. -* [Web-based access](web-based-access.md) -* [CLI-based access](cli-based-access.md) +![](../images/overview-1.png) + + +Docker UCP secures your cluster with role-based access control. From the +browser, Administrators can: + +* Manage cluster configurations, +* Manage the permissions of users and teams, +* See all images, networks, volumes, and containers. + +![](../images/overview-3.png) + +Non-admin users can only see and change the images, networks, volumes, and +containers, they are granted access. diff --git a/datacenter/ucp/2.0/access-ucp/web-based-access.md b/datacenter/ucp/2.0/access-ucp/web-based-access.md deleted file mode 100644 index 90665b797f..0000000000 --- a/datacenter/ucp/2.0/access-ucp/web-based-access.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Web-based access -description: Learn how to access Docker Universal Control Plane from the web browser. -keywords: -- docker, ucp, web, administration ---- - -Docker Universal Control Plane allows you to manage your cluster in a visual -way, from your browser. - -![](../images/overview-1.png) - - -Docker UCP secures your cluster with role-based access control. From the -browser, Administrators can: - -* Manage cluster configurations, -* Manage the permissions of users and teams, -* See all images, networks, volumes, and containers. - -![](../images/overview-3.png) - -Non-admin users can only see and change the images, networks, volumes, and -containers, they are granted access. diff --git a/datacenter/ucp/2.0/applications/deploy-app-ui.md b/datacenter/ucp/2.0/applications/deploy-app-ui.md deleted file mode 100644 index a0bc820d2f..0000000000 --- a/datacenter/ucp/2.0/applications/deploy-app-ui.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Deploy an app from the UI -description: Learn how to deploy containerized applications on a cluster, with Docker - Universal Control Plane. -keywords: -- ucp, deploy, application ---- - -With Docker Universal Control Plane you can deploy applications from the -UI. You can define your application on the UI, or import an existing -docker-compose.yml file. - -In this example, we're going to deploy a WordPress application. - -## Deploy WordPress - -On your browser, **log in** to UCP, and navigate to the **Applications** page. -There, click the **Compose Application** button, to deploy a new application. - -![](../images/deploy-app-ui-1.png) - -The WordPress application we're going to deploy is composed of two services: - -* wordpress: The container that runs Apache, PHP, and WordPress. -* db: A MariaDB database used for data persistence. - - - -```yml -wordpress: - image: wordpress - links: - - db:mysql - ports: - - 8080:80 - -db: - image: mariadb - environment: - MYSQL_ROOT_PASSWORD: example -``` - -Copy-paste the application definition to UCP, and name it 'wordpress'. -You can also upload a docker-compose.yml file from your machine, by clicking on -the 'Upload an existing docker-compose.yml' link. - -![](../images/deploy-app-ui-2.png) - -Click the **Create** button, to create the WordPress application. - -Once UCP deploys the WordPress application, you can -**click on the wordpress_wordpress_1** container, to see its details. - -![](../images/deploy-app-ui-3.png) - -In the container details page, search for the **Ports** the container is -exposing. - -![](../images/deploy-app-ui-4.png) - -In this example, WordPress can be accessed at `192.168.99.106:8080`. -Navigate to this address in your browser, to start using the WordPress app you -just deployed. - -![](../images/deploy-app-ui-5.png) - - -## Limitations - -There are some limitations when deploying application on the UI. You can't -reference any external files, so the following Docker Compose keywords are not -supported: - -* build -* dockerfile -* env_file - -![](../images/deploy-app-ui-6.png) - -To overcome these limitations, you can -[deploy your apps from the CLI](deploy-app-cli.md). - -Also, UCP doesn't store the compose file used to deploy the application. You can -use your version control system to persist that file. - -## Where to go next - -* [Deploy an app from the CLI](deploy-app-cli.md) diff --git a/datacenter/ucp/2.0/applications/index.md b/datacenter/ucp/2.0/applications/index.md index 6969a60ba4..a0bc820d2f 100644 --- a/datacenter/ucp/2.0/applications/index.md +++ b/datacenter/ucp/2.0/applications/index.md @@ -1,11 +1,88 @@ --- -title: UCP applications -description: Learn how to manage applications on Docker Universal Control Plane. +title: Deploy an app from the UI +description: Learn how to deploy containerized applications on a cluster, with Docker + Universal Control Plane. keywords: -- docker, ucp, apps, management +- ucp, deploy, application --- -This section includes the following topics: +With Docker Universal Control Plane you can deploy applications from the +UI. You can define your application on the UI, or import an existing +docker-compose.yml file. + +In this example, we're going to deploy a WordPress application. + +## Deploy WordPress + +On your browser, **log in** to UCP, and navigate to the **Applications** page. +There, click the **Compose Application** button, to deploy a new application. + +![](../images/deploy-app-ui-1.png) + +The WordPress application we're going to deploy is composed of two services: + +* wordpress: The container that runs Apache, PHP, and WordPress. +* db: A MariaDB database used for data persistence. + + + +```yml +wordpress: + image: wordpress + links: + - db:mysql + ports: + - 8080:80 + +db: + image: mariadb + environment: + MYSQL_ROOT_PASSWORD: example +``` + +Copy-paste the application definition to UCP, and name it 'wordpress'. +You can also upload a docker-compose.yml file from your machine, by clicking on +the 'Upload an existing docker-compose.yml' link. + +![](../images/deploy-app-ui-2.png) + +Click the **Create** button, to create the WordPress application. + +Once UCP deploys the WordPress application, you can +**click on the wordpress_wordpress_1** container, to see its details. + +![](../images/deploy-app-ui-3.png) + +In the container details page, search for the **Ports** the container is +exposing. + +![](../images/deploy-app-ui-4.png) + +In this example, WordPress can be accessed at `192.168.99.106:8080`. +Navigate to this address in your browser, to start using the WordPress app you +just deployed. + +![](../images/deploy-app-ui-5.png) + + +## Limitations + +There are some limitations when deploying application on the UI. You can't +reference any external files, so the following Docker Compose keywords are not +supported: + +* build +* dockerfile +* env_file + +![](../images/deploy-app-ui-6.png) + +To overcome these limitations, you can +[deploy your apps from the CLI](deploy-app-cli.md). + +Also, UCP doesn't store the compose file used to deploy the application. You can +use your version control system to persist that file. + +## Where to go next -* [Deploy an app from the UI](deploy-app-ui.md) * [Deploy an app from the CLI](deploy-app-cli.md) diff --git a/datacenter/ucp/2.0/configuration/index.md b/datacenter/ucp/2.0/configuration/index.md index 3dd688793e..734b6d4ca9 100644 --- a/datacenter/ucp/2.0/configuration/index.md +++ b/datacenter/ucp/2.0/configuration/index.md @@ -1,12 +1,47 @@ --- -title: UCP configuration -description: Learn how to configure Docker Universal Control Plane on production. +title: Use externally-signed certificates +description: Learn how to configure Docker Universal Control Plane to use your own + certificates. keywords: -- docker, ucp, install, configuration +- Universal Control Plane, UCP, certificate, authentiation, tls --- -This section includes the following topics: +By default the UCP web UI is exposed using HTTPS, to ensure all +communications between clients and the cluster are encrypted. Since UCP +controllers use self-signed certificates for this, when a client accesses +UCP their browsers won't trust this certificate, so the browser displays a +warning message. -* [Integrate with Docker Trusted Registry](dtr-integration.md) -* [Configure UCP logging](configure-logs.md) -* [Route hostnames to services](route-hostnames.md) +You can configure UCP to use your own certificates, so that it is automatically +trusted by your users' browser and client tools. + +To ensure minimal impact to your business, you should plan for this change to +happen outside business peak hours. Your applications will continue +running normally, but UCP will be unresponsive while the controller containers +are restarted. + +## Replace the server certificates + +To configure UCP to use your own certificates and keys, go to the +**UCP web UI**, navigate to the **Admin Settings** page, +and click **Certificates**. + +![](../images/use-externally-signed-certs-1.png) + +Upload your certificates and keys: + +* A ca.pem file with the root CA public certificate. +* A cert.pem file with the server certificate and any intermediate CA public +certificates. This certificate should also have SANs for all addresses used to +reach the UCP controller, including load balancers. +* A key.pem file with server private key. + +Finally, click **Update** for the changes to take effect. + +After replacing the certificates your users won't be able to authenticate +with their old client certificate bundles. Ask your users to go to the UCP +web UI and [get new client certificate bundles](../access-ucp/cli-based-access.md). + +## Where to go next + +* [Access UCP from the CLI](../access-ucp/cli-based-access.md) diff --git a/datacenter/ucp/2.0/configuration/use-externally-signed-certs.md b/datacenter/ucp/2.0/configuration/use-externally-signed-certs.md deleted file mode 100644 index 734b6d4ca9..0000000000 --- a/datacenter/ucp/2.0/configuration/use-externally-signed-certs.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Use externally-signed certificates -description: Learn how to configure Docker Universal Control Plane to use your own - certificates. -keywords: -- Universal Control Plane, UCP, certificate, authentiation, tls ---- - -By default the UCP web UI is exposed using HTTPS, to ensure all -communications between clients and the cluster are encrypted. Since UCP -controllers use self-signed certificates for this, when a client accesses -UCP their browsers won't trust this certificate, so the browser displays a -warning message. - -You can configure UCP to use your own certificates, so that it is automatically -trusted by your users' browser and client tools. - -To ensure minimal impact to your business, you should plan for this change to -happen outside business peak hours. Your applications will continue -running normally, but UCP will be unresponsive while the controller containers -are restarted. - -## Replace the server certificates - -To configure UCP to use your own certificates and keys, go to the -**UCP web UI**, navigate to the **Admin Settings** page, -and click **Certificates**. - -![](../images/use-externally-signed-certs-1.png) - -Upload your certificates and keys: - -* A ca.pem file with the root CA public certificate. -* A cert.pem file with the server certificate and any intermediate CA public -certificates. This certificate should also have SANs for all addresses used to -reach the UCP controller, including load balancers. -* A key.pem file with server private key. - -Finally, click **Update** for the changes to take effect. - -After replacing the certificates your users won't be able to authenticate -with their old client certificate bundles. Ask your users to go to the UCP -web UI and [get new client certificate bundles](../access-ucp/cli-based-access.md). - -## Where to go next - -* [Access UCP from the CLI](../access-ucp/cli-based-access.md) diff --git a/datacenter/ucp/2.0/high-availability/index.md b/datacenter/ucp/2.0/high-availability/index.md index 5afe173938..83f2786119 100644 --- a/datacenter/ucp/2.0/high-availability/index.md +++ b/datacenter/ucp/2.0/high-availability/index.md @@ -1,11 +1,61 @@ --- -title: Configure UCP for high availability -description: Learn how to set up Docker Universal Control Plane for high availability. +title: Set up high availability +description: Docker Universal Control plane has support for high availability. Learn + how to set up your installation to ensure it tolerates failures. keywords: -- docker, ucp, high-availability, backup, recovery +- docker, ucp, high-availability, replica --- -This section includes the following topics: +Docker Universal Control Plane is designed for high availability (HA). You can +join multiple manager nodes to the cluster, so that if one manager node fails, +another can automatically take its place without impact to the cluster. -* [Set up high availability](set-up-high-availability.md) -* [Backups and disaster recovery](backups-and-disaster-recovery.md) +Having multiple manager nodes in your cluster, allows you to: + +* Handle manager node failures, +* Load-balance user requests across all manager nodes. + +## Size your deployment + +To make the cluster tolerant to more failures, add additional replica nodes to +your cluster. + +| Manager nodes | Failures tolerated | +|:-------------:|:------------------:| +| 1 | 0 | +| 3 | 1 | +| 5 | 2 | +| 7 | 3 | + + +For production-grade deployments, follow these rules of thumb: + +* When a manager node fails, the number of failures tolerated by your cluster +decreases. Don't leave that node offline for too long. +* You should distribute your manager nodes across different availability zones. +This way your cluster can continue working even if an entire availability zone +goes down. +* Adding many manager nodes to the cluster might lead to performance +degradation, as changes to configurations need to be replicated across all +manager nodes. The maximum advisable is having 7 manager nodes. + +After provisioning the new nodes, you can +[add them to the cluster](../installation/scale-your-cluster.md). + +## Load-balancing on UCP + +Docker UCP does not include a load balancer. You can configure your own +load balancer to balance user requests across all manager nodes. +[Learn more about the UCP reference architecture](https://www.docker.com/sites/default/files/RA_UCP%20Load%20Balancing-Feb%202016_0.pdf). + +Since Docker UCP uses mutual TLS, make sure you configure your load balancer to: + +* Load-balance TCP traffic on port 443, +* Not terminate HTTPS connections, +* Use the `/_ping` endpoint on each manager node, to check if the node +is healthy and if it should remain on the load balancing pool or not. + +## Where to go next + +* [UCP architecture](../architecture.md) +* [Scale your cluster](../installation/scale-your-cluster.md) diff --git a/datacenter/ucp/2.0/high-availability/set-up-high-availability.md b/datacenter/ucp/2.0/high-availability/set-up-high-availability.md deleted file mode 100644 index 83f2786119..0000000000 --- a/datacenter/ucp/2.0/high-availability/set-up-high-availability.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Set up high availability -description: Docker Universal Control plane has support for high availability. Learn - how to set up your installation to ensure it tolerates failures. -keywords: -- docker, ucp, high-availability, replica ---- - -Docker Universal Control Plane is designed for high availability (HA). You can -join multiple manager nodes to the cluster, so that if one manager node fails, -another can automatically take its place without impact to the cluster. - -Having multiple manager nodes in your cluster, allows you to: - -* Handle manager node failures, -* Load-balance user requests across all manager nodes. - -## Size your deployment - -To make the cluster tolerant to more failures, add additional replica nodes to -your cluster. - -| Manager nodes | Failures tolerated | -|:-------------:|:------------------:| -| 1 | 0 | -| 3 | 1 | -| 5 | 2 | -| 7 | 3 | - - -For production-grade deployments, follow these rules of thumb: - -* When a manager node fails, the number of failures tolerated by your cluster -decreases. Don't leave that node offline for too long. -* You should distribute your manager nodes across different availability zones. -This way your cluster can continue working even if an entire availability zone -goes down. -* Adding many manager nodes to the cluster might lead to performance -degradation, as changes to configurations need to be replicated across all -manager nodes. The maximum advisable is having 7 manager nodes. - -After provisioning the new nodes, you can -[add them to the cluster](../installation/scale-your-cluster.md). - -## Load-balancing on UCP - -Docker UCP does not include a load balancer. You can configure your own -load balancer to balance user requests across all manager nodes. -[Learn more about the UCP reference architecture](https://www.docker.com/sites/default/files/RA_UCP%20Load%20Balancing-Feb%202016_0.pdf). - -Since Docker UCP uses mutual TLS, make sure you configure your load balancer to: - -* Load-balance TCP traffic on port 443, -* Not terminate HTTPS connections, -* Use the `/_ping` endpoint on each manager node, to check if the node -is healthy and if it should remain on the load balancing pool or not. - -## Where to go next - -* [UCP architecture](../architecture.md) -* [Scale your cluster](../installation/scale-your-cluster.md) diff --git a/datacenter/ucp/2.0/index.md b/datacenter/ucp/2.0/index.md index 597a4780d1..1a559e39d4 100644 --- a/datacenter/ucp/2.0/index.md +++ b/datacenter/ucp/2.0/index.md @@ -1,23 +1,68 @@ --- -title: Docker Universal Control Plane -description: Docker Universal Control Plane +title: Universal Control Plane overview +description: Learn about Docker Universal Control Plane, the enterprise-grade cluster + management solution from Docker. keywords: -- universal, control, plane, ucp +- docker, ucp, overview, orchestration, clustering --- Docker Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker. You install it behind your firewall, and it helps you manage your whole cluster from a single place. -The UCP documentation includes the following topics: +![](images/overview-1.png) -* [Universal Control Plane overview](overview.md) -* [Architecture](architecture.md) -* [Installation](installation/system-requirements.md) -* [Access UCP](access-ucp/web-based-access.md) -* [Configuration](configuration/dtr-integration.md) -* [Monitor and troubleshoot](monitor/monitor-ucp.md) -* [High availability](high-availability/set-up-high-availability.md) -* [User management](user-management/authentication-and-authorization.md) -* [Applications](applications/deploy-app-ui.md) -* [Release notes](release-notes.md) +## Centralized cluster management + +Docker UCP can be installed on-premises, or on a virtual private cloud. +And with it, you can manage thousands of nodes as if they were a single one. +You can monitor and manage your cluster using a graphical UI. + +![](images/overview-2.png) + +Since UCP exposes the standard Docker API, you can continue using the tools +you already know, to manage a whole cluster. + +As an example, you can use the `docker info` command to check the +status of the cluster: + +```bash +$ docker info + +Containers: 30 +Images: 24 +Server Version: swarm/1.1.3 +Role: primary +Strategy: spread +Filters: health, port, dependency, affinity, constraint +Nodes: 2 + ucp: 192.168.99.103:12376 + └ Status: Healthy + └ Containers: 20 + ucp-replica: 192.168.99.102:12376 + └ Status: Healthy + └ Containers: 10 +``` + +## Deploy, manage, and monitor + +With Docker UCP you can manage the nodes of your infrastructure. You can also +manage apps, containers, networks, images, and volumes, in a transparent way. + +## Built-in security and access control + +Docker UCP has its own built-in authentication mechanism, and supports LDAP +and Active Directory. It also supports Role Based Access Control (RBAC). +This ensures that only authorized users can access and make changes to cluster. + +![](images/overview-3.png) + +Docker UCP also integrates with Docker Trusted Registry and Docker Content +Trust. This allows you to keep your images stored behind your firewall, +where they are safe. It also allows you to sign those images to ensure that +the images you deploy have not been altered in any way. + +## Where to go next + +* [UCP architecture](architecture.md) +* [Install UCP](installation/install-production.md) diff --git a/datacenter/ucp/2.0/installation/index.md b/datacenter/ucp/2.0/installation/index.md index 37ec1b6e5a..3e06f07a19 100644 --- a/datacenter/ucp/2.0/installation/index.md +++ b/datacenter/ucp/2.0/installation/index.md @@ -1,16 +1,60 @@ --- -title: Install UCP -description: Learn the requirements and procedure to install Docker Universal Control Plane on production. +title: UCP System requirements +description: Learn about the system requirements for installing Docker Universal Control + Plane. keywords: -- docker, ucp, install, requirements +- docker, ucp, architecture, requirements --- -This section includes the following topics: +Docker Universal Control Plane can be installed on-premises or on the cloud. +Before installing, be sure your infrastructure has these requirements. -* [System requirements](system-requirements.md) +## Hardware and software requirements + +You can install UCP on-premises or on a cloud provider. To install UCP, +all nodes must have: + +* Linux kernel version 3.10 or higher +* CS Docker Engine version 1.12.1 or higher +* 2.00 GB of RAM +* 3.00 GB of available disk space +* A static IP address + +For highly-available installations, you also need a way to transfer files +between hosts. + +## Ports used + +When installing UCP on a host, make sure the following ports are open: + +| Hosts | Direction | Port | Purpose | +|:------------------|:---------:|:------------------------|:----------------------------------------------------------------------------------| +| managers, workers | in | TCP 443 (configurable) | Port for the UCP web UI and API | +| managers | in | TCP 2376 (configurable) | Port for the Docker Swarm manager. Used for backwards compatibility | +| managers, workers | in | TCP 2377 (configurable) | Port for communication between swarm nodes | +| managers, workers | in, out | TCP, UDP 4789 | Port for overlay networking | +| managers, workers | in, out | TCP, UDP 7946 | Port for overlay networking | +| managers, workers | in | TCP 12376 | Port for a TLS proxy that provides access to UCP, Docker Engine, and Docker Swarm | +| managers | in | TCP 12379 | Port for internal node configuration, cluster configuration, and HA | +| managers | in | TCP 12380 | Port for internal node configuration, cluster configuration, and HA | +| managers | in | TCP 12381 | Port for the certificate authority | +| managers | in | TCP 12382 | Port for the UCP certificate authority | +| managers | in | TCP 12383 | Port for the authentication storage backend | +| managers | in | TCP 12384 | Port for the authentication storage backend for replication across managers | +| managers | in | TCP 12385 | Port for the authentication service API | +| managers | in | TCP 12386 | Port for the authentication worker | + +## Compatibility and maintenance lifecycle + +Docker Datacenter is a software subscription that includes 3 products: + +* CS Docker Engine, +* Docker Trusted Registry, +* Docker Universal Control Plane. + +[Learn more about the maintenance lifecycle for these products](http://success.docker.com/Get_Help/Compatibility_Matrix_and_Maintenance_Lifecycle). + +## Where to go next + +* [UCP architecture](../architecture.md) * [Plan a production installation](plan-production-install.md) -* [Install UCP for production](install-production.md) -* [Install offline](install-offline.md) -* [License UCP](license.md) -* [Upgrade to UCP 2.0](upgrade.md) -* [Uninstall UCP](uninstall.md) diff --git a/datacenter/ucp/2.0/installation/system-requirements.md b/datacenter/ucp/2.0/installation/system-requirements.md deleted file mode 100644 index 3e06f07a19..0000000000 --- a/datacenter/ucp/2.0/installation/system-requirements.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: UCP System requirements -description: Learn about the system requirements for installing Docker Universal Control - Plane. -keywords: -- docker, ucp, architecture, requirements ---- - -Docker Universal Control Plane can be installed on-premises or on the cloud. -Before installing, be sure your infrastructure has these requirements. - -## Hardware and software requirements - -You can install UCP on-premises or on a cloud provider. To install UCP, -all nodes must have: - -* Linux kernel version 3.10 or higher -* CS Docker Engine version 1.12.1 or higher -* 2.00 GB of RAM -* 3.00 GB of available disk space -* A static IP address - -For highly-available installations, you also need a way to transfer files -between hosts. - -## Ports used - -When installing UCP on a host, make sure the following ports are open: - -| Hosts | Direction | Port | Purpose | -|:------------------|:---------:|:------------------------|:----------------------------------------------------------------------------------| -| managers, workers | in | TCP 443 (configurable) | Port for the UCP web UI and API | -| managers | in | TCP 2376 (configurable) | Port for the Docker Swarm manager. Used for backwards compatibility | -| managers, workers | in | TCP 2377 (configurable) | Port for communication between swarm nodes | -| managers, workers | in, out | TCP, UDP 4789 | Port for overlay networking | -| managers, workers | in, out | TCP, UDP 7946 | Port for overlay networking | -| managers, workers | in | TCP 12376 | Port for a TLS proxy that provides access to UCP, Docker Engine, and Docker Swarm | -| managers | in | TCP 12379 | Port for internal node configuration, cluster configuration, and HA | -| managers | in | TCP 12380 | Port for internal node configuration, cluster configuration, and HA | -| managers | in | TCP 12381 | Port for the certificate authority | -| managers | in | TCP 12382 | Port for the UCP certificate authority | -| managers | in | TCP 12383 | Port for the authentication storage backend | -| managers | in | TCP 12384 | Port for the authentication storage backend for replication across managers | -| managers | in | TCP 12385 | Port for the authentication service API | -| managers | in | TCP 12386 | Port for the authentication worker | - -## Compatibility and maintenance lifecycle - -Docker Datacenter is a software subscription that includes 3 products: - -* CS Docker Engine, -* Docker Trusted Registry, -* Docker Universal Control Plane. - -[Learn more about the maintenance lifecycle for these products](http://success.docker.com/Get_Help/Compatibility_Matrix_and_Maintenance_Lifecycle). - -## Where to go next - -* [UCP architecture](../architecture.md) -* [Plan a production installation](plan-production-install.md) diff --git a/datacenter/ucp/2.0/monitor/index.md b/datacenter/ucp/2.0/monitor/index.md index 24ed94cc66..b6dd24f830 100644 --- a/datacenter/ucp/2.0/monitor/index.md +++ b/datacenter/ucp/2.0/monitor/index.md @@ -1,12 +1,85 @@ --- -title: Monitor and troubleshoot UCP -description: Manage, monitor, troubleshoot +title: Monitor your cluster +description: Monitor your Docker Universal Control Plane installation, and learn how + to troubleshoot it. keywords: -- manage, monitor, troubleshoot +- Docker, UCP, troubleshoot --- -This section includes the following topics: +This article gives you an overview of how to monitor your Docker UCP +cluster. Here you'll also find the information you need to troubleshoot +if something goes wrong. + + +## Check the cluster status from the UI + +To monitor your UCP cluster, the first thing to check is the **Nodes** +screen on the UCP web app. + +![UCP dashboard](../images/monitor-ucp-1.png) + +In the nodes screen you can see if all the nodes in the cluster are healthy, or +if there is any problem. + +You can also check the state of individual UCP containers by navigating to the +**Containers** page. By default the Containers screen doesn't display system +containers. On the filter dropdown choose **Show all containers** to see all +the UCP components. + +![UCP dashboard](../images/monitor-ucp-2.png) + +You can click on a container to see more details like configurations and logs. + + +## Check the cluster status from the CLI + +You can also monitor the status of a UCP cluster, using the Docker CLI client. + +1. Get a client certificate bundle. + + When using the Docker CLI client you need to authenticate using client + certificates. + [Learn how to use client certificates](../access-ucp/cli-based-access.md). + + If your client certificate bundle is for a non-admin user, you won't have + permissions to execute all docker commands, or see all information about + the cluster. + +2. Use the `docker info` command to check the cluster status. + + ```bash + $ docker info + + Containers: 11 + Nodes: 2 + ucp: 192.168.99.100:12376 + └ Status: Healthy + ucp-node: 192.168.99.101:12376 + └ Status: Healthy + Cluster Managers: 1 + 192.168.99.104: Healthy + └ Orca Controller: https://192.168.99.100:443 + └ Swarm Manager: tcp://192.168.99.100:3376 + └ KV: etcd://192.168.99.100:12379 + ``` + +3. Check the container logs + + With an admin user certificate bundle, you can run docker commands directly + on the Docker Engine or Swarm Manager of a node. In this example, we are + connecting directly to the Docker Engine running on the UCP controller, and + requesting the logs of the ucp-kv container. + + ```bash + $ docker -H tcp://192.168.99.101:12376 logs ucp-kv + + 2016-04-18 22:40:51.553912 I | etcdserver: start to snapshot (applied: 40004, lastsnap: 30003) + 2016-04-18 22:40:51.561682 I | etcdserver: saved snapshot at index 40004 + 2016-04-18 22:40:51.561927 I | etcdserver: compacted raft log at 35004 + ``` + + +## Where to go next -* [Monitor your cluster](monitor-ucp.md) * [Troubleshoot your cluster](troubleshoot-ucp.md) -* [Troubleshoot cluster configurations](troubleshoot-configurations.md) +* [Get support](../support.md) diff --git a/datacenter/ucp/2.0/monitor/monitor-ucp.md b/datacenter/ucp/2.0/monitor/monitor-ucp.md deleted file mode 100644 index b6dd24f830..0000000000 --- a/datacenter/ucp/2.0/monitor/monitor-ucp.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Monitor your cluster -description: Monitor your Docker Universal Control Plane installation, and learn how - to troubleshoot it. -keywords: -- Docker, UCP, troubleshoot ---- - -This article gives you an overview of how to monitor your Docker UCP -cluster. Here you'll also find the information you need to troubleshoot -if something goes wrong. - - -## Check the cluster status from the UI - -To monitor your UCP cluster, the first thing to check is the **Nodes** -screen on the UCP web app. - -![UCP dashboard](../images/monitor-ucp-1.png) - -In the nodes screen you can see if all the nodes in the cluster are healthy, or -if there is any problem. - -You can also check the state of individual UCP containers by navigating to the -**Containers** page. By default the Containers screen doesn't display system -containers. On the filter dropdown choose **Show all containers** to see all -the UCP components. - -![UCP dashboard](../images/monitor-ucp-2.png) - -You can click on a container to see more details like configurations and logs. - - -## Check the cluster status from the CLI - -You can also monitor the status of a UCP cluster, using the Docker CLI client. - -1. Get a client certificate bundle. - - When using the Docker CLI client you need to authenticate using client - certificates. - [Learn how to use client certificates](../access-ucp/cli-based-access.md). - - If your client certificate bundle is for a non-admin user, you won't have - permissions to execute all docker commands, or see all information about - the cluster. - -2. Use the `docker info` command to check the cluster status. - - ```bash - $ docker info - - Containers: 11 - Nodes: 2 - ucp: 192.168.99.100:12376 - └ Status: Healthy - ucp-node: 192.168.99.101:12376 - └ Status: Healthy - Cluster Managers: 1 - 192.168.99.104: Healthy - └ Orca Controller: https://192.168.99.100:443 - └ Swarm Manager: tcp://192.168.99.100:3376 - └ KV: etcd://192.168.99.100:12379 - ``` - -3. Check the container logs - - With an admin user certificate bundle, you can run docker commands directly - on the Docker Engine or Swarm Manager of a node. In this example, we are - connecting directly to the Docker Engine running on the UCP controller, and - requesting the logs of the ucp-kv container. - - ```bash - $ docker -H tcp://192.168.99.101:12376 logs ucp-kv - - 2016-04-18 22:40:51.553912 I | etcdserver: start to snapshot (applied: 40004, lastsnap: 30003) - 2016-04-18 22:40:51.561682 I | etcdserver: saved snapshot at index 40004 - 2016-04-18 22:40:51.561927 I | etcdserver: compacted raft log at 35004 - ``` - - -## Where to go next - -* [Troubleshoot your cluster](troubleshoot-ucp.md) -* [Get support](../support.md) diff --git a/datacenter/ucp/2.0/overview.md b/datacenter/ucp/2.0/overview.md deleted file mode 100644 index 1a559e39d4..0000000000 --- a/datacenter/ucp/2.0/overview.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Universal Control Plane overview -description: Learn about Docker Universal Control Plane, the enterprise-grade cluster - management solution from Docker. -keywords: -- docker, ucp, overview, orchestration, clustering ---- - -Docker Universal Control Plane (UCP) is the enterprise-grade cluster management -solution from Docker. You install it behind your firewall, and it helps you -manage your whole cluster from a single place. - -![](images/overview-1.png) - -## Centralized cluster management - -Docker UCP can be installed on-premises, or on a virtual private cloud. -And with it, you can manage thousands of nodes as if they were a single one. -You can monitor and manage your cluster using a graphical UI. - -![](images/overview-2.png) - -Since UCP exposes the standard Docker API, you can continue using the tools -you already know, to manage a whole cluster. - -As an example, you can use the `docker info` command to check the -status of the cluster: - -```bash -$ docker info - -Containers: 30 -Images: 24 -Server Version: swarm/1.1.3 -Role: primary -Strategy: spread -Filters: health, port, dependency, affinity, constraint -Nodes: 2 - ucp: 192.168.99.103:12376 - └ Status: Healthy - └ Containers: 20 - ucp-replica: 192.168.99.102:12376 - └ Status: Healthy - └ Containers: 10 -``` - -## Deploy, manage, and monitor - -With Docker UCP you can manage the nodes of your infrastructure. You can also -manage apps, containers, networks, images, and volumes, in a transparent way. - -## Built-in security and access control - -Docker UCP has its own built-in authentication mechanism, and supports LDAP -and Active Directory. It also supports Role Based Access Control (RBAC). -This ensures that only authorized users can access and make changes to cluster. - -![](images/overview-3.png) - -Docker UCP also integrates with Docker Trusted Registry and Docker Content -Trust. This allows you to keep your images stored behind your firewall, -where they are safe. It also allows you to sign those images to ensure that -the images you deploy have not been altered in any way. - -## Where to go next - -* [UCP architecture](architecture.md) -* [Install UCP](installation/install-production.md) diff --git a/datacenter/ucp/2.0/user-management/index.md b/datacenter/ucp/2.0/user-management/index.md deleted file mode 100644 index d5145bcc64..0000000000 --- a/datacenter/ucp/2.0/user-management/index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Manage users in UCP -description: Learn how to manage user permissions on Docker Universal Control Plane. -keywords: -- docker, ucp, management, security, users ---- - -This section includes the following topics: - -* [Authentication and authorization](authentication-and-authorization.md) -* [Create and manage users](create-and-manage-users.md) -* [Create and manage teams](create-and-manage-teams.md) -* [Permission levels](permission-levels.md)