Add daemon.json details to Windows worker config (#113)

* Add daemon.json details * Incorporate feedback * A bit more feedback * Replace notes with sections
2017-07-06 16:02:37 -07:00 · 2017-07-06 16:02:37 -07:00 · c03209fca9
parent 0d2786b1e3
commit c03209fca9
1 changed files with 62 additions and 27 deletions
--- a/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md
+++ b/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md
@ -5,39 +5,42 @@ keywords: UCP, swarm, Windows, cluster
 ---

 UCP supports worker nodes that run on Windows Server 2016. Only worker nodes
-are supported on Windows, and all manager nodes in the swarm must run on Linux.
+are supported on Windows, and all manager nodes in the swarm must run on Linux. 

 Follow these steps to enable a worker node on Windows.

 1.  Install UCP on a Linux distribution.
-2.  Install Docker EE on Windows Server 2016.
+2.  Install Docker Enterprise Edition (*Docker EE*) on Windows Server 2016.
 3.  Configure the Windows node.
 4.  Join the Windows node to the swarm.  

 ## Install UCP

-To install UCP, follow the instructions in 
-[Learn how to install Docker Universal Control Plane on production](/datacenter/ucp/2.2/guides/admin/install/).
+Install UCP on a Linux distribution.
+[Learn how to install UCP on production](../install/index.md).
 UCP requires Docker EE version 17.06 or later.

-For internal development, you need to `docker login` and pull
-the UCP images manually. For Beta, the images will be available publicly.
+>  Internal development
+>
+>  For internal development, you need to `docker login` and pull
+>  the UCP images manually. For Beta, the images will be available publicly.

 ## Install Docker EE on Windows Server 2016

-Install Docker Enterprise Edition (*Docker EE*) on a Windows
-Server 2016 instance to enable joining a swarm that's managed by UCP.
-Follow the instructions in 
-[Install Docker Enterprise Edition for Windows Server 2016](/docker-ee-for-windows/install/#using-a-script-to-install-docker-ee).
-For internal development, install the dev binaries in the zip archive at
-[windows/amd64/docker-17.06.0-dev.zip](https://master.dockerproject.org/windows/amd64/docker-17.06.0-dev.zip),
-because you need version 17.06 or later to join a UCP swarm. For Beta, the binaries 
-will be available publicly at [download.docker.com](https://download.docker.com/components/engine/windows-server).
+[Install Docker EE](/docker-ee-for-windows/install/#using-a-script-to-install-docker-ee)
+on a Windows Server 2016 instance to enable joining a swarm that's managed by
+UCP.
+
+>  Internal development
+>
+>  For internal development, install the dev binaries in the zip archive at
+>  [windows/amd64/docker-17.06.0-dev.zip](https://master.dockerproject.org/windows/amd64/docker-17.06.0-dev.zip),
+>  because you need version 17.06 or later to join a UCP swarm. For Beta, the binaries 
+>  will be available publicly at [download.docker.com](https://download.docker.com/components/engine/windows-server).

 ## Configure the Windows node

-Follow these steps to configure the docker daemon and the Windows environment to enable
-joining a UCP cluster.
+Follow these steps to configure the docker daemon and the Windows environment.

 1.  Pull the Windows-specific image of `ucp-agent`, which is named `ucp-agent-win`.
 2.  Run the Windows worker setup script provided with `ucp-agent-win`.
@ -49,16 +52,17 @@ On a manager node, run the following command to list the images that are require
 on Windows nodes.

 ```bash
-$ docker run --rm dockerorcadev/ucp:2.2.0-latest images --list --image-version dev: --enable-windows
+$ docker container run --rm dockerorcadev/ucp:2.2.0-latest images --list --image-version dev: --enable-windows
 dockerorcadev/ucp-agent-win:2.2.0-5213679
 dockerorcadev/ucp-dsinfo-win:2.2.0-5213679
 ```

 On Windows Server 2016, in a PowerShell terminal running as Administrator,
-login to Docker Hub with the `docker login` command and pull the listed images. 
+log in to Docker Hub with the `docker login` command and pull the listed images. 

 ```ps
 PS> docker pull dockerorcadev/ucp-agent-win:2.2.0-5213679
+PS> docker pull dockerorcadev/ucp-dsinfo-win:2.2.0-5213679
 ```

 ### Run the Windows node setup script
@ -70,20 +74,54 @@ for the Docker daemon to communicate securely. Run this command:
 PS> docker run --rm dockerorcadev/ucp-agent-win:2.2.0-5213679 windows-script | powershell -noprofile -noninteractive -command 'Invoke-Expression -Command $input'
 ```

-The Windows node is ready to join the swarm.
+The Windows node is ready to join the swarm. Run the setup script on each
+instance of Windows Server that will be a worker node.
+
+>  Internal development
+>
+>  For internal development, you need to
+>  [run these commands manually](#configure-a-windows-worker-node-manually), 
+>  because the script assumes access to public images. You need to be logged in
+>  to Docker Hub.
+
+### Compatibility with daemon.json 
+
+The script may be incompatible with installations that use a config file at
+`C:\ProgramData\docker\config\daemon.json`. If you use such a file, make sure
+that the daemon runs on port 2376 and that it uses certificates located in
+`C:\ProgramData\docker\daemoncerts`. If certificates don't exist in this
+directory, run `ucp-agent-win generate-certs`, as shown in Step 2 of the 
+[Set up certs for the dockerd service](#set-up-certs-for-the-dockerd-service)
+procedure.
+
+In the daemon.json file, set the `tlscacert`, `tlscert`, and `tlskey` options
+to the corresponding files in `C:\ProgramData\docker\daemoncerts`:
+
+```json
+{
+...
+		"debug":     true,
+		"tls":       true,
+		"tlscacert": "C:\ProgramData\docker\daemoncerts\ca.pem",
+		"tlscert":   "C:\ProgramData\docker\daemoncerts\cert.pem",
+		"tlskey":    "C:\ProgramData\docker\daemoncerts\key.pem",
+		"tlsverify": true,
+...
+}
+```

 ## Join the Windows node to the swarm

 Now you can join the UCP cluster by using the `docker swarm join` command that's
-provided by the UCP web UI. For more info, see
-[Join worker nodes](/datacenter/ucp/2.2/guides/admin/install/#step-7-join-worker-nodes).
+provided by the UCP web UI. [Learn to add nodes to your swarm](scale-your-cluster.md).
 The command looks similar to the following.

 ```ps
 PS> docker swarm join --token <token> <ucp-manager-ip>
 ```

-Run the setup script on each instance of Windows Server that will be a worker node.
+Run the `docker swarm join` command on each instance of Windows Server that
+will be a worker node.

 ## Configure a Windows worker node manually  

@ -91,9 +129,6 @@ The following sections describe how to run the commands in the setup script
 manually to configure the `dockerd` service and the Windows environment.
 The script opens ports in the firewall and sets up certificates for `dockerd`.

->**Note**: For internal development, you need to run these commands manually, 
-because the script assumes access to public images. You need to be logged in to Docker Hub.
-
 To see the script, you can run the `windows-script` command without piping
 to the `Invoke-Expression` cmdlet.

@ -134,8 +169,8 @@ PS> netsh advfirewall firewall add rule name="docker_proxy" dir=in action=allow

 The `dockerd` service and the Windows environment are now configured to join a UCP swarm.

->**Tip:** If the TLS certificates aren't set up correctly, the UCP web UI shows the
->following warning.
+> **Tip:** If the TLS certificates aren't set up correctly, the UCP web UI shows the
+> following warning.

 ```
 Node WIN-NOOQV2PJGTE is a Windows node that cannot connect to its local Docker daemon.