Merge pull request #7686 from docker/backport-fixes

Backport fixes
Maria Bermudez 2018-11-14 16:08:33 -08:00 committed by GitHub
commit 69534ba858
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 39 deletions

View File

@ -21,9 +21,9 @@ firewall.
You can use DTR as part of your continuous integration, and continuous
delivery processes to build, ship, and run your applications.
DTR has a web based user interface that allows authorized users in your
organization to browse docker images. It provides information about
who pushed what image at what time. It even allows you to see what dockerfile
DTR has a web user interface that allows authorized users in your
organization to browse Docker images. It provides information about
who pushed what image at what time. It even allows you to see what Dockerfile
lines were used to produce the image and, if security scanning is enabled, to
see a list of all of the software installed in your images.
@ -35,27 +35,27 @@ and metadata such that if a machine fails, DTR continues to operate and can be r
## Efficiency
DTR has the ability to [cache images closer to users](admin/configure/deploy-caches/index.md)
to reduce the amount of bandwidth used during docker pulls.
to reduce the amount of bandwidth used when pulling Docker images.
DTR has the ability to [clean up unreferenced manifests and layers](admin/configure/garbage-collection.md).
## Built-in access control
DTR uses the same authentication mechanism as Docker Universal Control Plane.
Users can be managed manually or synched from LDAP or Active Directory. DTR
Users can be managed manually or synchronized from LDAP or Active Directory. DTR
uses [Role Based Access Control](admin/manage-users/index.md) (RBAC) to allow you to implement fine-grained
access control policies for who has access to your Docker images.
access control policies for your Docker images.
## Security scanning
DTR has a built in security scanner that can be used to discover what versions
DTR has a built-in security scanner that can be used to discover what versions
of software are used in your images. It scans each layer and aggregates the
results to give you a complete picture of what you are shipping as a part of
your stack. Most importantly, it co-relates this information with a
vulnerability database that is kept up to date through
[periodic updates](admin/configure/set-up-vulnerability-scans.md). This
gives you
[unprecedented insight into your exposure to known security threats](user/manage-images/scan-images-for-vulnerabilities.md).
your stack. Most importantly, it correlates this information with a
vulnerability database that is kept up to date through [periodic
updates](admin/configure/set-up-vulnerability-scans.md). This
gives you [unprecedented insight into your exposure to known security
threats](user/manage-images/scan-images-for-vulnerabilities.md).
## Image signing
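Review bot: The links in this hunk stay file-relative with `.md` targets (`admin/configure/deploy-caches/index.md`, `admin/manage-users/index.md`, `admin/configure/set-up-vulnerability-scans.md`), while the last file in this same commit moves its links to absolute `/ee/dtr/...` paths. Convert these too, or state in the commit message why this page keeps the relative form. A smaller point on the access control paragraph: "Role Based Access Control" stays unhyphenated right next to the newly hyphenated "built-in"; "Role-Based Access Control" would be consistent.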
@ -69,3 +69,4 @@ the [DTR-specific notary documentation](user/manage-images/sign-images/index.md)
* [DTR architecture](architecture.md)
* [Install DTR](admin/install/index.md)

View File

@ -8,7 +8,7 @@ Docker Trusted Registry (DTR) is the enterprise-grade image storage solution
from Docker. You install it behind your firewall so that you can securely store
and manage the Docker images you use in your applications.
## Image management
## Image and job management
DTR can be installed on-premises, or on a virtual private
cloud. And with it, you can store your Docker images securely, behind your
@ -17,11 +17,10 @@ firewall.
You can use DTR as part of your continuous integration, and continuous
delivery processes to build, ship, and run your applications.
DTR has a web based user interface that allows authorized users in your
organization to browse docker images. It provides information about
who pushed what image at what time. It even allows you to see what dockerfile
DTR has a web user interface that allows authorized users in your
organization to browse Docker images and [review repository events](/ee/dtr/user/audit-repository-events/). It even allows you to see what Dockerfile
lines were used to produce the image and, if security scanning is enabled, to
see a list of all of the software installed in your images.
see a list of all of the software installed in your images. Additionally, you can now [review and audit jobs on the web interface](/ee/dtr/admin/manage-jobs/audit-jobs-via-ui/).
## Availability
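Review bot: The added sentence "Additionally, you can now review and audit jobs on the web interface" does not say which role it applies to, and it follows text addressed to "authorized users in your organization", whereas the release-notes entry in this commit limits the feature to DTR admins ("DTR admins can now review and audit jobs ... within System settings"). Name the required role here so readers do not assume every authorized user can see job logs. The word "now" will also age on an overview page; "Starting in DTR 2.6" (the wording used in the repository events page) or no qualifier would hold up better. The rewritten second line also drops "who pushed what image at what time" in favor of the events link; confirm that loss is intended.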
@ -31,23 +30,23 @@ and metadata such that if a machine fails, DTR continues to operate and can be r
## Efficiency
DTR has the ability to [cache images closer to users](admin/configure/deploy-caches/index.md)
to reduce the amount of bandwidth used during docker pulls.
to reduce the amount of bandwidth used when pulling Docker images.
DTR has the ability to [clean up unreferenced manifests and layers](admin/configure/garbage-collection.md).
## Built-in access control
DTR uses the same authentication mechanism as Docker Universal Control Plane.
Users can be managed manually or synched from LDAP or Active Directory. DTR
Users can be managed manually or synchronized from LDAP or Active Directory. DTR
uses [Role Based Access Control](admin/manage-users/index.md) (RBAC) to allow you to implement fine-grained
access control policies for who has access to your Docker images.
access control policies for your Docker images.
## Security scanning
DTR has a built in security scanner that can be used to discover what versions
DTR has a built-in security scanner that can be used to discover what versions
of software are used in your images. It scans each layer and aggregates the
results to give you a complete picture of what you are shipping as a part of
your stack. Most importantly, it co-relates this information with a
your stack. Most importantly, it correlates this information with a
vulnerability database that is kept up to date through [periodic
updates](admin/configure/set-up-vulnerability-scans.md). This
gives you [unprecedented insight into your exposure to known security
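Review bot: Every edit in this hunk ("when pulling Docker images", "synchronized", "built-in", "correlates", the re-wrapped links) repeats, line for line, an edit already made to the first file in this commit, so the two pages carry the same paragraphs and have to be fixed twice. Consider moving the shared Efficiency, Built-in access control and Security scanning text into a single included source so the copies cannot drift. The relative `.md` links are also left as they were here, even though the preceding hunk in this file introduces absolute `/ee/dtr/...` links.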

View File

@ -30,7 +30,7 @@ to upgrade your installation to the latest release.
* Web Interface
* Online garbage collection is no longer an experimental feature. Users can now write to DTR and push images during garbage collection. [Learn about garbage collection](/ee/dtr/admin/configure/garbage-collection/).
* Repository admins can now enable tag pruning for every repository that they manage by adding a pruning policy or setting a tag limit. [Learn about tag pruning](/ee/dtr/user/tag-pruning).
* Users can now review and audit repository events on the web interface with the addition of the **Activity** tab on each repository.[Learn about repository event audits](/ee/dtr/user/audit-repository-events/).
* Users can now review and audit repository events on the web interface with the addition of the **Activity** tab on each repository. [Learn about repository event audits](/ee/dtr/user/audit-repository-events/).
* DTR admins can now enable auto-deletion of repository events based on specified conditions. [Learn about repository event auto-deletion](/ee/dtr/admin/configure/auto-delete-repo-events/).
* DTR admins can now review and audit jobs on the web interface with the addition of **Job Logs** within System settings. [Learn about job audits on the web interface](/ee/dtr/admin/manage-jobs/audit-jobs-via-ui/).
* DTR admins can now enable auto-deletion of job logs based on specified conditions. [Learn about job log auto-deletion](/ee/dtr/admin/manage-jobs/auto-delete-job-logs/).
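Review bot: While the spacing before "[Learn about repository event audits]" is being fixed, the tag pruning bullet two lines above it links to `/ee/dtr/user/tag-pruning` without a trailing slash, unlike every other link in this list (`/ee/dtr/user/audit-repository-events/`, `/ee/dtr/admin/manage-jobs/audit-jobs-via-ui/`). Add the trailing slash so the link style is uniform and the extra redirect is avoided.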

View File

@ -6,14 +6,14 @@ keywords: dtr, events, log, activity stream
## Overview
Starting in DTR 2.6, each repository page includes an **Activity** tab which displays a sortable and paginated list of the most recent events within the repository. This offers better visibility along with the ability to audit events. Event types listed will vary according to your [repository permission level](../../admin/manage-users/permission-levels/). Additionally, DTR admins can [enable auto-deletion of repository events](../../admin/configure/auto-delete-repo-events/) as part of maintenance and cleanup.
Starting in DTR 2.6, each repository page includes an **Activity** tab which displays a sortable and paginated list of the most recent events within the repository. This offers better visibility along with the ability to audit events. Event types listed will vary according to your [repository permission level](/ee/dtr/admin/manage-users/permission-levels/). Additionally, DTR admins can [enable auto-deletion of repository events](/ee/dtr/admin/configure/auto-delete-repo-events/) as part of maintenance and cleanup.
In the following section, we will show you how to view and audit the list of events in a repository. We will also cover the event types associated with your permission level.
## View List of Events
As of DTR 2.3, admins were able to view a list of DTR events [using the API](../../../../datacenter/dtr/2.3/reference/api/#!/events/GetEvents). DTR 2.6 enhances that feature by showing a permission-based events list for each repository page on the web interface. To view the list of events within a repository, do the following:
1. Navigate to `https://<dtr-url>`and log in with your UCP credentials.
As of DTR 2.3, admins were able to view a list of DTR events [using the API](/datacenter/dtr/2.3/reference/api/#!/events/GetEvents). DTR 2.6 enhances that feature by showing a permission-based events list for each repository page on the web interface. To view the list of events within a repository, do the following:
1. Navigate to `https://<dtr-url>` and log in with your UCP credentials.
2. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
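Review bot: In the "As of DTR 2.3" paragraph, the API link is now hard-wired to `/datacenter/dtr/2.3/reference/api/#!/events/GetEvents` on a page that documents DTR 2.6. If the intent is to show readers how to call the events API on their current installation, point to the API reference for the version this page covers; if the 2.3 target is deliberate as a historical reference, say so in the link text. In step 2, "click on the repository name following the `/` after the specific namespace" is hard to parse; something like "click the repository name, the part after the `/` in `<namespace>/<repository>`" reads more clearly.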
@ -21,7 +21,7 @@ As of DTR 2.3, admins were able to view a list of DTR events [using the API](../
* If you're a repository or a DTR admin, uncheck "Exclude pull" to view pull events. This should give you a better understanding of who is consuming your images.
* To update your event view, select a different time filter from the drop-down list.
![](../../images/manage-repo-events-0.png){: .img-fluid .with-border}
![](/ee/dtr/images/manage-repo-events-0.png){: .img-fluid .with-border}
### Activity Stream
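Review bot: The image line is touched to change its path but still has empty alt text (`![](/ee/dtr/images/manage-repo-events-0.png)`). Add a short description, for example what the screenshot shows of the Activity tab and its filters, so the step remains usable with a screen reader or when the image fails to load.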
@ -31,12 +31,12 @@ The following table breaks down the data included in an event and uses the highl
| Event Detail | Description | Example |
|:----------------|:-------------------------------------------------|:--------|
| Label | Friendly name of the event. | `Create Promotion Policy`
| Repository | This will always be the repository in review following the `<user-or-org>/<repository_name>` convention outlined in [Create a Repository](../manage-images/#create-a-repository). | `test-org/test-repo-1` |
| Repository | This will always be the repository in review following the `<user-or-org>/<repository_name>` convention outlined in [Create a Repository](/ee/dtr/user/manage-images/#create-a-repository). | `test-org/test-repo-1` |
| Tag | Tag affected by the event, when applicable. | `test-org/test-repo-1:latest` where `latest` is the affected tag|
| SHA | The [digest value](../../../../registry/spec/api/#content-digests) for `CREATE` operations such as creating a new image tag or a promotion policy. | `sha256:bbf09ba3` |
| SHA | The [digest value](/registry/spec/api/#content-digests) for `CREATE` operations such as creating a new image tag or a promotion policy. | `sha256:bbf09ba3` |
| Type | Event type. Possible values are: `CREATE`, `GET`, `UPDATE`, `DELETE`, `SEND`, `FAIL` and `SCAN` | `CREATE` |
| Initiated by | The actor responsible for the event. For user-initiated events, this will reflect the user ID and link to that user's profile. For image events triggered by a policy &ndash; pruning, pull / push mirroring, or promotion &ndash; this will reflect the relevant policy ID except for manual promotions where it reflects `PROMOTION MANUAL_P`, and link to the relevant policy page. Other event actors may not include a link. | `PROMOTION CA5E7822` |
| Date and Time | When the event happened in your configured time zone. | `9/13/2018 9:59 PM` |
| Date and Time | When the event happened in your configured time zone. | 2018 9:59 PM` |
### Event Audits
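Review bot: The replacement "Date and Time" row has a damaged Example cell: it reads `| 2018 9:59 PM` |`, so the month and day and the opening backtick from the old value `9/13/2018 9:59 PM` are gone and the remaining backtick is unbalanced. None of the other changes in this hunk touch anything but link paths, so this looks accidental; restore the full value. The "Label" row at the top of the table is also missing its closing `|`, which is worth fixing in the same pass.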
@ -44,18 +44,18 @@ Given the level of detail on each event, it should be easy for DTR and security
### Event Permissions
For more details on different permission levels within DTR, see [Authentication and authorization in DTR](../../admin/manage-users/) to understand the minimum level required to view the different repository events.
For more details on different permission levels within DTR, see [Authentication and authorization in DTR](/ee/dtr/admin/manage-users/) to understand the minimum level required to view the different repository events.
| Repository Event | Description | Minimum Permission Level |
|:----------------|:---------------------------------------------------| :----------------|
| Push | Refers to "Create Manifest" and "Update Tag" events. Learn more about [pushing images](../manage-images/pull-and-push-images/#push-the-image). | Authenticated Users |
| Scan | Requires [security scanning to be set up](../../admin/configure/set-up-vulnerability-scans/) by a DTR admin. Once enabled, this will display as a `SCAN` event type. | Authenticated Users |
| Promotion | Refers to a "Create Promotion Policy" event which links to the **Promotions** tab of the repository where you can edit the existing promotions. See [Promotion Policies](../promotion-policies/) for different ways to promote an image. | Repository Admin |
| Delete | Refers to "Delete Tag" events. Learn more about [deleting images](../manage-images/delete-images). | Authenticated Users |
| Pull | Refers to "Get Tag" events. Learn more about [pulling images](../manage-images/pull-and-push-images/#pull-an-image). | Repository Admin |
| Mirror |Refers to "Pull mirroring" and "Push mirroring" events. See [Mirror images to another registry](../promotion-policies/#mirror-images-to-another-registry) and [Mirror images from another registry](../promotion-policies/#mirror-images-from-another-registry) for more details. | Repository Admin |
| Create repo | Refers to "Create Repository" events. See [Create a repository](../manage-images/) for more details. | Authenticated Users |
| Push | Refers to "Create Manifest" and "Update Tag" events. Learn more about [pushing images](/ee/dtr/user/manage-images/pull-and-push-images/#push-the-image). | Authenticated Users |
| Scan | Requires [security scanning to be set up](/ee/dtr/admin/configure/set-up-vulnerability-scans/) by a DTR admin. Once enabled, this will display as a `SCAN` event type. | Authenticated Users |
| Promotion | Refers to a "Create Promotion Policy" event which links to the **Promotions** tab of the repository where you can edit the existing promotions. See [Promotion Policies](/ee/dtr/user/promotion-policies/) for different ways to promote an image. | Repository Admin |
| Delete | Refers to "Delete Tag" events. Learn more about [deleting images](/ee/dtr/user/manage-images/delete-images). | Authenticated Users |
| Pull | Refers to "Get Tag" events. Learn more about [pulling images](/ee/dtr/user/manage-images/pull-and-push-images/#pull-an-image). | Repository Admin |
| Mirror |Refers to "Pull mirroring" and "Push mirroring" events. See [Mirror images to another registry](/ee/dtr/user/promotion-policies/#mirror-images-to-another-registry) and [Mirror images from another registry](/ee/dtr/user/promotion-policies/#mirror-images-from-another-registry) for more details. | Repository Admin |
| Create repo | Refers to "Create Repository" events. See [Create a repository](/ee/dtr/user/manage-images/) for more details. | Authenticated Users |
## Where to go next
- [Enable auto-deletion of repository events](../../admin/configure/auto-delete-repo-events.md)
- [Enable auto-deletion of repository events](/ee/dtr/admin/configure/auto-delete-repo-events.md)
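Review bot: The "Where to go next" link was converted to an absolute path but kept its file extension: `/ee/dtr/admin/configure/auto-delete-repo-events.md`. Every other absolute link in this file uses the directory form, including the same target in the Overview paragraph (`/ee/dtr/admin/configure/auto-delete-repo-events/`). Use the trailing-slash form here as well, otherwise this one link depends on the site build rewriting `.md` in absolute paths. In the permissions table, the "Mirror" row is also missing the space after its second `|`.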