Update DDC screenshots, christmas cleaning

css/documentation.css

@@ -418,3 +418,7 @@ span.reading-time {
 
 span.reading-time-label {
 }
+
+img.with-border {
+  border: 1px solid #eaeaea;
+}

datacenter/install/linux.md

@@ -64,9 +64,10 @@ for any necessary configuration values.
 ### Step 4: License your installation
 
 Now that UCP is installed, you need to license it. In your browser, navigate
-to the UCP web UI and upload your license.
+to the UCP web UI, login with your administrator credentials and upload your
+license.
 
-![](../images/try-ddc-1.png)
+![](../images/try-ddc-1.png){: .with-border}
 
 [Get a free trial license if you don't have one](https://store.docker.com/bundles/docker-datacenter).
 
@@ -76,11 +77,11 @@ Join more nodes so that you can manage them from UCP.
 Go to the **UCP web UI**, navigate to the **Resources** page, and go to
 the **Nodes** section.
 
-![](../images/try-ddc-2.png)
+![](../images/try-ddc-2.png){: .with-border}
 
 Click the **Add Node button** to add a new node.
 
-![](../images/try-ddc-3.png)
+![](../images/try-ddc-3.png){: .with-border}
 
 
 Check the 'Add node as a manager' option to join the node as a manager

datacenter/ucp/2.0/guides/access-ucp/cli-based-access.md

@@ -29,7 +29,7 @@ controller node.
 To download a client certificate bundle, log into the **UCP web UI**, and
 navigate to your user **profile page**.
 
-![](../images/cli-based-access-1.png)
+![](../images/cli-based-access-1.png){: .with-border}
 
 Click the **Create a Client Bundle** button, to download the certificate bundle.
 

datacenter/ucp/2.0/guides/access-ucp/index.md

@@ -7,7 +7,7 @@ title: Web-based access
 Docker Universal Control Plane allows you to manage your cluster in a visual
 way, from your browser.
 
-![](../images/overview-1.png)
+![](../images/web-based-access-1.png){: .with-border}
 
 
 Docker UCP secures your cluster with role-based access control. From the
@@ -17,7 +17,7 @@ browser, Administrators can:
 * Manage the permissions of users and teams,
 * See all images, networks, volumes, and containers.
 
-![](../images/overview-3.png)
+![](../images/web-based-access-2.png){: .with-border}
 
 Non-admin users can only see and change the images, networks, volumes, and
 containers, they are granted access.

datacenter/ucp/2.0/guides/applications/deploy-app-cli.md

@@ -80,7 +80,7 @@ In this example, WordPress was deployed to 172.31.18.153:8000. Navigate to
 this address in your browser, to start using the WordPress app you just
 deployed.
 
-![](../images/deploy-app-cli-1.png)
+![](../images/deploy-app-cli-1.png){: .with-border}
 
 ## Where to go next
 

datacenter/ucp/2.0/guides/applications/index.md

@@ -14,7 +14,7 @@ WordPress application.
 In your browser, **log in** to UCP, and navigate to the **Applications** page.
 There, click the **Deploy compose.yml** button, to deploy a new application.
 
-![](../images/deploy-app-ui-1.png)
+![](../images/deploy-app-ui-1.png){: .with-border}
 
 The WordPress application we're going to deploy is composed of two services:
 
@@ -54,25 +54,25 @@ Name the application 'wordpress', and paste the docker-compose.yml definition.
 You can also upload a docker-compose.yml file from your machine, by clicking on
 the 'Upload an existing docker-compose.yml' link.
 
-![](../images/deploy-app-ui-2.png)
+![](../images/deploy-app-ui-2.png){: .with-border}
 
 Click the **Create** button, to create the WordPress application.
 
 Once UCP deploys the WordPress application, you can
 **click on the wordpress_wordpress_1** container, to see its details.
 
-![](../images/deploy-app-ui-3.png)
+![](../images/deploy-app-ui-3.png){: .with-border}
 
 In the container details page, search for the **Ports** the container is
 exposing.
 
-![](../images/deploy-app-ui-4.png)
+![](../images/deploy-app-ui-4.png){: .with-border}
 
 In this example, WordPress can be accessed at `172.31.18.152:8000`.
 Navigate to this address in your browser, to start using the WordPress app you
 just deployed.
 
-![](../images/deploy-app-ui-5.png)
+![](../images/deploy-app-ui-5.png){: .with-border}
 
 
 ## Limitations
@@ -85,7 +85,7 @@ Compose keywords are not supported:
 * dockerfile
 * env_file
 
-![](../images/deploy-app-ui-6.png)
+![](../images/deploy-app-ui-6.png){: .with-border}
 
 To overcome these limitations, you can
 [deploy your apps from the CLI](deploy-app-cli.md).

datacenter/ucp/2.0/guides/configuration/configure-logs.md

@@ -14,7 +14,7 @@ You can configure UCP for sending logs to a remote logging service:
 3. Set the information about your logging server, and click
 **Enable Remote Logging**
 
-![](../images/settings-log.png)
+![](../images/configure-logs-1.png){: .with-border}
 
 ## Example: Setting up an ELK stack
 

datacenter/ucp/2.0/guides/configuration/integrate-with-ldap.md

@@ -14,7 +14,7 @@ To configure UCP to authenticate users using an LDAP service, go to
 the **UCP web UI**, navigate to the **Settings** page, and click the **Auth**
 tab.
 
-![](../images/ldap-integration-1.png)
+![](../images/ldap-integration-1.png){: .with-border}
 
 Then configure your LDAP integration.
 
@@ -82,7 +82,6 @@ Once you've configure the LDAP integration, UCP synchronizes users based on the
 interval you've defined. When the synchronization runs, UCP stores logs that
 can help you troubleshoot when something goes wrong.
 
-![](../images/ldap-integration-2.png)
 
 You can also manually synchronize users by clicking the **Sync Now** button.
 

datacenter/ucp/2.0/guides/index.md

@@ -10,7 +10,7 @@ solution from Docker. You install it on-premises or in your virtual private
 cloud, and it helps you manage your Docker cluster and applications from a
 single place.
 
-![](images/overview-1.png)
+![](images/overview-1.png){: .with-border}
 
 ## Centralized cluster management
 
@@ -21,7 +21,7 @@ by Docker to make it easier to manage your cluster from a centralized place.
 
 You can manage and monitor your container cluster using a graphical UI.
 
-![](images/overview-2.png)
+![](images/overview-2.png){: .with-border}
 
 Since UCP exposes the standard Docker API, you can continue using the tools
 you already know, including the Docker CLI client, to deploy and manage your
@@ -61,7 +61,7 @@ Docker UCP has its own built-in authentication mechanism and integrates with
 LDAP services. It also has Role Based Access Control (RBAC), so that you can
 control who can access and make changes to your cluster and applications.
 
-![](images/overview-3.png)
+![](images/overview-3.png){: .with-border}
 
 Docker UCP integrates with Docker Trusted Registry so that you can keep the
 Docker images you use for your applications behind your firewall, where they

datacenter/ucp/2.0/guides/installation/index.md

@@ -59,7 +59,7 @@ To install UCP:
 
 2.  Run the following command:
 
-    ```bash
+    ```none
     # Pull the latest version of UCP
     $ docker pull docker/ucp:latest
 
@@ -79,9 +79,10 @@ To install UCP:
 ## Step 5: License your installation
 
 Now that UCP is installed, you need to license it. In your browser, navigate
-to the UCP web UI and upload your license.
+to the UCP web UI, login with your administrator credentials and upload your
+license.
 
-![](../images/install-production-1.png)
+![](../images/install-production-1.png){: .with-border}
 
 If you don't have a license yet, [learn how to get a free trial license](license.md).
 
@@ -98,11 +99,11 @@ for worker nodes to execute.
 To join manager nodes to the swarm, go to the **UCP web UI**, navigate to
 the **Resources** page, and go to the **Nodes** section.
 
-![](../images/install-production-2.png)
+![](../images/install-production-2.png){: .with-border}
 
 Click the **Add Node button** to add a new node.
 
-![](../images/install-production-3.png)
+![](../images/install-production-3.png){: .with-border}
 
 Check the 'Add node as a manager' to turn this node into a manager and replicate
 UCP for high-availability.
@@ -116,7 +117,7 @@ can reach it.
 For each manager node that you want to join to UCP, login into that
 node using ssh, and run the join command that is displayed on UCP.
 
-![](../images/install-production-4.png)
+![](../images/install-production-4.png){: .with-border}
 
 After you run the join command in the node, the node starts being displayed
 in UCP.

datacenter/ucp/2.0/guides/installation/license.md

@@ -12,7 +12,7 @@ installation. Here's how to do it.
 Go to [Docker Store](https://store.docker.com/bundles/docker-datacenter) and
 download your UCP license or get a free trial license.
 
-![](../images/license-ucp-1.png)
+![](../images/license-ucp-1.png){: .with-border}
 
 
 ## License your installation
@@ -23,7 +23,7 @@ page**.
 
 On the **License** page you can upload the new license.
 
-![](../images/license-ucp-2.png)
+![](../images/license-ucp-2.png){: .with-border}
 
 Click **Upload License** for the changes to take effect.
 

datacenter/ucp/2.0/guides/installation/scale-your-cluster.md

@@ -33,11 +33,11 @@ manager or worker:
 To add join nodes to the cluster, go to the **UCP web UI**, navigate to
 the **Resources** page, and go to the **Nodes** section.
 
-![](../images/scale-your-cluster-1.png)
+![](../images/scale-your-cluster-1.png){: .with-border}
 
 Click the **Add Node button** to add a new node.
 
-![](../images/scale-your-cluster-2.png)
+![](../images/scale-your-cluster-2.png){: .with-border}
 
 Check the 'Add node as a manager' option if you want to add the node as manager.
 Also, set the 'Use a custom listen address' option to specify the IP of the
@@ -46,7 +46,7 @@ host that you'll be joining to the cluster.
 Then you can copy the command displayed, use ssh to **log into the host** that
 you want to join to the cluster, and **run the command** on that host.
 
-![](../images/scale-your-cluster-3.png)
+![](../images/scale-your-cluster-3.png){: .with-border}
 
 After you run the join command in the node, the node starts being displayed
 in UCP.
@@ -62,6 +62,8 @@ so that it is:
 * Drained: the node won't receive new tasks. Existing tasks are stopped and
 replica tasks are launched in active nodes.
 
+![](../images/scale-your-cluster-4.png){: .with-border}
+
 If you're load-balancing user requests to UCP across multiple manager nodes,
 when demoting those nodes into workers, don't forget to remove them from your
 load-balancing pool.

datacenter/ucp/2.0/guides/monitor/index.md

@@ -5,78 +5,65 @@ keywords: Docker, UCP, troubleshoot
 title: Monitor your cluster
 ---
 
-This article gives you an overview of how to monitor your Docker UCP
-cluster. Here you'll also find the information you need to troubleshoot
-if something goes wrong.
-
+This article gives you an overview of how to monitor your Docker UCP.
 
 ## Check the cluster status from the UI
 
 To monitor your UCP cluster, the first thing to check is the **Nodes**
 screen on the UCP web app.
 
-![UCP dashboard](../images/monitor-ucp-1.png)
+![UCP dashboard](../images/monitor-ucp-1.png){: .with-border}
 
 In the nodes screen you can see if all the nodes in the cluster are healthy, or
 if there is any problem.
 
-You can also check the state of individual UCP containers by navigating to the
-**Containers** page. By default the Containers screen doesn't display system
-containers. On the filter dropdown choose **Show all containers** to see all
-the UCP components.
+If you're an administrator you can also check the state and logs of the
+UCP internal services.
 
-![UCP dashboard](../images/monitor-ucp-2.png)
+To check the state of the `ucp-agent` service, navigate to the **Services** page
+and toggle the **Show system services** option.
 
-You can click on a container to see more details like configurations and logs.
+![](../images/monitor-ucp-2.png){: .with-border}
 
+The `ucp-agent` service monitors the node where it is running, deploys other
+UCP internal components, and ensures they keep running. The UCP components that
+are deployed on a node, depend on whether the node is a manager or worker.
+[Learn more about the UCP architecture](../architecture.md)
+
+To check the state and logs of other UCP internal components, go to the
+**Containers** page, and appply the **System containers** filter.
+This can help validate that all UCP internal components are up and running.
+
+![](../images/monitor-ucp-3.png){: .with-border}
+
+It's normal for the `ucp-reconcile` to be stopped. This container only runs when
+the `ucp-agent` detects that a UCP internal component should be running but for
+some reason it's not. In this case the `ucp-agent` starts the `ucp-reconcile`
+service to start all UCP services that need to be running. Once that is done,
+the `ucp-agent` stops.
 
 ## Check the cluster status from the CLI
 
-You can also monitor the status of a UCP cluster, using the Docker CLI client.
+You can also monitor the status of a UCP cluster using the Docker CLI client.
+There are two ways to do this, using a
+[client certificate bundle](../access-ucp/cli-based-access.md), or logging into
+one of the manager nodes using ssh.
 
-1. Get a client certificate bundle.
+Then you can use regular Docker CLI commands to check the status and logs
+of the [UCP internal services and containers](../architecture.md).
 
-    When using the Docker CLI client you need to authenticate using client
-    certificates.
-    [Learn how to use client certificates](../access-ucp/cli-based-access.md).
+## Automated status checking
 
-    If your client certificate bundle is for a non-admin user, you won't have
-    permissions to execute all docker commands, or see all information about
-    the cluster.
+You can use the `https://<ucp-url>/_ping` endpoint to perform automated
+monitoring tasks. When you access this endpoint, UCP validates that all its
+internal components are working, and returns the following HTTP error codes:
 
-2.  Use the `docker info` command to check the cluster status.
-
-    ```bash
-    $ docker info
-
-    Containers: 11
-    Nodes: 2
-     ucp: 192.168.99.100:12376
-      └ Status: Healthy
-     ucp-node: 192.168.99.101:12376
-      └ Status: Healthy
-    Cluster Managers: 1
-     192.168.99.104: Healthy
-      └ Orca Controller: https://192.168.99.100:443
-      └ Swarm Manager: tcp://192.168.99.100:3376
-      └ KV: etcd://192.168.99.100:12379
-    ```
-
-3.  Check the container logs
-
-    With an admin user certificate bundle, you can run docker commands directly
-    on the Docker Engine or Swarm Manager of a node. In this example, we are
-    connecting directly to the Docker Engine running on the UCP controller, and
-    requesting the logs of the ucp-kv container.
-
-    ```bash
-    $ docker -H tcp://192.168.99.101:12376 logs ucp-kv
-
-    2016-04-18 22:40:51.553912 I | etcdserver: start to snapshot (applied: 40004, lastsnap: 30003)
-    2016-04-18 22:40:51.561682 I | etcdserver: saved snapshot at index 40004
-    2016-04-18 22:40:51.561927 I | etcdserver: compacted raft log at 35004
-    ```
+* 200, if all components are healthy
+* 500, if one or more components are not healthy
 
+If you're accessing this endpoint through a load balancer, you'll have no way to
+know which UCP manager node is not healthy. So make sure you make a request
+directly to each manager node.
 
 ## Where to go next
 

datacenter/ucp/2.0/guides/monitor/troubleshoot.md

@@ -16,7 +16,7 @@ page of UCP. By default the UCP system containers are hidden. Click the
 **Show all containers** option for the UCP system containers to be listed as
 well.
 
-![](../images/troubleshoot-ucp-1.png)
+![](../images/troubleshoot-ucp-1.png){: .with-border}
 
 You can click on a container to see more details like its configurations and
 logs.

datacenter/ucp/2.0/guides/user-management/create-and-manage-teams.md

@@ -13,32 +13,20 @@ A team defines the permissions users have for resources that have the label
 To create a new team, go to the **UCP web UI**, and navigate to the
 **Users & Teams** page.
 
-![](../images/create-and-manage-teams-1.png)
+![](../images/create-and-manage-teams-1.png){: .with-border}
 
-Click the **Create** button to create a new team.
+Click the **Create** button to create a new team, and assign it a name.
 
-![](../images/create-and-manage-teams-2.png)
-
-Give a name to the team, and choose if the team is managed by UCP, or
-discovered from an LDAP service:
-
-* Managed: You'll manage the team and manually define the users that are part
-of the team.
-* Discovered: When integrating with an LDAP service, you can map a team to
-an LDAP group. When a user is added to the LDAP group, it is automatically added
-to the UCP team.
+![](../images/create-and-manage-teams-2.png){: .with-border}
 
 ## Add users to a team
 
-If you've created a managed team, you can now add and remove users from the
-team.
+You can now add and remove users from the team.
 Navigate to the **Members** tab, and click the **Add User to Team** button.
 Then choose the list of users that you want to add to the team.
 
-![](../images/create-and-manage-teams-3.png)
+![](../images/create-and-manage-teams-3.png){: .with-border}
 
-If you've created a discovered team, users are automatically added and removed
-from the team the next time UCP synchronizes with the LDAP server.
 
 ## Manage team permissions
 
@@ -46,11 +34,12 @@ To manage the permissions of the team, click the **Permissions** tab.
 Here you can specify a list of labels and the permission level users will have
 for resources with those labels.
 
-![](../images/create-and-manage-teams-4.png)
+![](../images/create-and-manage-teams-4.png){: .with-border}
 
 In the example above, members of the 'Operations' team have permissions to
 create and edit resources that have the labels
-`com.docker.ucp.access.label=crm` or `com.docker.ucp.access.label=billing`.
+`com.docker.ucp.access.label=operations` applied, but can only view resources
+that have the `com.docker.ucp.access.label=blog` label.
 
 There are four permission levels available:
 

datacenter/ucp/2.0/guides/user-management/create-and-manage-users.md

@@ -12,11 +12,11 @@ cluster.
 To create a new user, go to the **UCP web UI**, and navigate to the
 **Users & Teams** page.
 
-![](../images/create-users-1.png)
+![](../images/create-users-1.png){: .with-border}
 
 Click the **Create User** button, and fill-in the user information.
 
-![](../images/create-users-2.png)
+![](../images/create-users-2.png){: .with-border}
 
 Check the 'Is a UCP admin' option, if you want to grant permissions for the
 user to change cluster configurations. Also, assign the user with a default