From f66d194883a161f32074a662dbc41358469eea78 Mon Sep 17 00:00:00 2001 From: Traci Morrison Date: Thu, 5 Sep 2019 10:56:16 -0400 Subject: [PATCH 1/3] Add options for this command --- reference/ucp/3.2/cli/backup.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/reference/ucp/3.2/cli/backup.md b/reference/ucp/3.2/cli/backup.md index 76998e0fed..da9b754e3d 100644 --- a/reference/ucp/3.2/cli/backup.md +++ b/reference/ucp/3.2/cli/backup.md @@ -50,3 +50,5 @@ Note: | `--interactive, -i` | Run in interactive mode and prompt for configuration values | | `--no-passphrase` | Opt out to encrypt the tar file with a passphrase (not recommended) | | `--passphrase` *value* | Encrypt the tar file with a passphrase | +| `--include-logs` | If set to false, there is no log file generated, and the backup is the contents of the UCP backup without a log file. | +| `--security-opt label=disable` | If Docker Enterprise Engine has SELinux enabled, include this option to back up UCP. | \ No newline at end of file From c801b1b0cf58ed2c76b908bbae176fba85f028aa Mon Sep 17 00:00:00 2001 From: ollypom Date: Thu, 12 Sep 2019 11:14:02 +0000 Subject: [PATCH 2/3] Added SELinux Example --- reference/ucp/3.2/cli/backup.md | 59 ++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/reference/ucp/3.2/cli/backup.md b/reference/ucp/3.2/cli/backup.md index da9b754e3d..ed8d8be6b2 100644 --- a/reference/ucp/3.2/cli/backup.md +++ b/reference/ucp/3.2/cli/backup.md @@ -9,9 +9,12 @@ Create a backup of a UCP manager node. ## Usage ```bash -docker container run --log-driver none --rm -i \ +docker container run \ + --rm \ + --interactive \ --name ucp \ - -v /var/run/docker.sock:/var/run/docker.sock \ + --log-driver none \ + --volume /var/run/docker.sock:/var/run/docker.sock \ docker/ucp \ backup [command options] > backup.tar ``` 
@@ -40,15 +43,47 @@ Note: docker run --mount type=bind,src=/home/user/backup:/backup docker/ucp --file /backup/backup.tar ``` +### SELinux + +If you are installing UCP on a manager node with SELinunx enabled at the daemon +and operating system level, you will need to pass `--security-opt +label=disable` in to your install command. This flag will disable SELinux +policies on the installation container. The UCP installation container mounts +and configures the Docker Socket as part of the UCP installation container, +therefore the UCP installation will fail with a permission denied error if you +fail to pass in this flag. + +``` +FATA[0000] unable to get valid Docker client: unable to ping Docker daemon: Got +permission denied while trying to connect to the Docker daemon socket at +unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/_ping: dial +unix /var/run/docker.sock: connect: permission denied - If SELinux is enabled +on the Docker daemon, make sure you run UCP with "docker run --security-opt +label=disable -v /var/run/docker.sock:/var/run/docker.sock ..." +``` + +An installation command for a system with SELinux enabled at the daemon level +would be: + +```bash +docker container run \ + --rm \ + --interactive \ + --name ucp \ + --security-opt label=disable \ + --volume /var/run/docker.sock:/var/run/docker.sock \ + docker/ucp \ + backup [command options] > backup.tar +``` + ## Options -| Option | Description | -|:-----------------------|:------------------------------------------------------------------------------| -| `--debug, -D` | Enable debug mode | -| `--file *value*` | Name of the file to write the backup contents to. 
Ignored in interactive mode | -| `--jsonlog` | Produce json formatted output for easier parsing | -| `--interactive, -i` | Run in interactive mode and prompt for configuration values | -| `--no-passphrase` | Opt out to encrypt the tar file with a passphrase (not recommended) | -| `--passphrase` *value* | Encrypt the tar file with a passphrase | -| `--include-logs` | If set to false, there is no log file generated, and the backup is the contents of the UCP backup without a log file. | -| `--security-opt label=disable` | If Docker Enterprise Engine has SELinux enabled, include this option to back up UCP. | \ No newline at end of file +| Option | Description | +|:-----------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--debug, -D` | Enable debug mode | +| `--file *value*` | Name of the file to write the backup contents to. Ignored in interactive mode | +| `--jsonlog` | Produce json formatted output for easier parsing | +| `--include-logs` | Only relevant if `--file` is also included. If true, an encrypted `backup.log` file will be stored along side the `backup.tar` in the mounted directory. Default is `true`. | +| `--interactive, -i` | Run in interactive mode and prompt for configuration values | +| `--no-passphrase` | Opt out to encrypt the tar file with a passphrase (not recommended) | +| `--passphrase` *value* | Encrypt the tar file with a passphrase | From 22f8e40cdc632cbc60d3df37e4fac4d7243b232a Mon Sep 17 00:00:00 2001 From: ollypom Date: Mon, 16 Sep 2019 13:28:03 +0000 Subject: [PATCH 3/3] Fixed Nit --- reference/ucp/3.2/cli/backup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/ucp/3.2/cli/backup.md b/reference/ucp/3.2/cli/backup.md index ed8d8be6b2..4b802d0c36 100644 --- a/reference/ucp/3.2/cli/backup.md +++ b/reference/ucp/3.2/cli/backup.md 
@@ -83,7 +83,7 @@ docker container run \ | `--debug, -D` | Enable debug mode | | `--file *value*` | Name of the file to write the backup contents to. Ignored in interactive mode | | `--jsonlog` | Produce json formatted output for easier parsing | -| `--include-logs` | Only relevant if `--file` is also included. If true, an encrypted `backup.log` file will be stored along side the `backup.tar` in the mounted directory. Default is `true`. | +| `--include-logs` | Only relevant if `--file` is also included. If true, an encrypted `backup.log` file will be stored alongside the `backup.tar` in the mounted directory. Default is `true`. | | `--interactive, -i` | Run in interactive mode and prompt for configuration values | | `--no-passphrase` | Opt out to encrypt the tar file with a passphrase (not recommended) | | `--passphrase` *value* | Encrypt the tar file with a passphrase |
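Review bot: in [PATCH 1/3], the new `--security-opt label=disable` row in the Options table documents a `docker container run` flag as if it were an option of the `backup` command, so a reader following the table would put it in the `[command options]` position after `backup`. Move it out of the table and show it on the `docker container run` line instead. The `--include-logs` row only describes what happens when the flag is set to false; state the default and how the value is passed. The file also ends without a trailing newline after this change.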
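Review bot: in [PATCH 2/3], the Usage hunk keeps `--log-driver none` but nothing on the page says why it is there, and the SELinux example added further down in the same patch leaves it out while still redirecting stdout to `backup.tar`. Either add `--log-driver none` to the SELinux example so the two commands differ only by `--security-opt label=disable`, or add a sentence under Usage stating when the flag may be dropped.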
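Review bot: in [PATCH 2/3], the new `### SELinux` section of `backup.md` is worded for installation throughout ("your install command", "the UCP installation container", "An installation command ... would be:") while the command it shows runs `backup`; reword it for the backup container so the reader knows the flag applies here too. Since `--security-opt label=disable` removes SELinux confinement from a container that mounts `/var/run/docker.sock`, say explicitly that it applies to this one container run only. In the rewritten Options table, `--file *value*` has the asterisks inside the backticks, unlike `--passphrase` *value*, so they will render literally. The fence around the `FATA[0000]` output has no language tag, while the other fences in the file use `bash`.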
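Review bot: in [PATCH 3/3], the nit fix touches only "along side" in the `--include-logs` row, so the "SELinunx" misspelling that patch 2/3 added in the first sentence of the SELinux section is still present after this series. Fix it in the same pass.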