From c03209fca961552cb53ad4d23bca711bc2af642f Mon Sep 17 00:00:00 2001 From: Jim Galasyn Date: Thu, 6 Jul 2017 16:02:37 -0700 Subject: [PATCH] Add daemon.json details to Windows worker config (#113) * Add daemon.json details * Incorporate feedback * A bit more feedback * Replace notes with sections --- .../configure/join-windows-worker-nodes.md | 89 +++++++++++++------ 1 file changed, 62 insertions(+), 27 deletions(-) diff --git a/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md b/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md index 664ee72b75..7d5f741926 100644 --- a/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md +++ b/datacenter/ucp/2.2/guides/admin/configure/join-windows-worker-nodes.md @@ -5,39 +5,42 @@ keywords: UCP, swarm, Windows, cluster --- UCP supports worker nodes that run on Windows Server 2016. Only worker nodes -are supported on Windows, and all manager nodes in the swarm must run on Linux. +are supported on Windows, and all manager nodes in the swarm must run on Linux. Follow these steps to enable a worker node on Windows. 1. Install UCP on a Linux distribution. -2. Install Docker EE on Windows Server 2016. +2. Install Docker Enterprise Edition (*Docker EE*) on Windows Server 2016. 3. Configure the Windows node. 4. Join the Windows node to the swarm. ## Install UCP -To install UCP, follow the instructions in -[Learn how to install Docker Universal Control Plane on production](/datacenter/ucp/2.2/guides/admin/install/). +Install UCP on a Linux distribution. +[Learn how to install UCP on production](../install/index.md). UCP requires Docker EE version 17.06 or later. -For internal development, you need to `docker login` and pull -the UCP images manually. For Beta, the images will be available publicly. +> Internal development +> +> For internal development, you need to `docker login` and pull +> the UCP images manually. For Beta, the images will be available publicly. ## Install Docker EE on Windows Server 2016 -Install Docker Enterprise Edition (*Docker EE*) on a Windows -Server 2016 instance to enable joining a swarm that's managed by UCP. -Follow the instructions in -[Install Docker Enterprise Edition for Windows Server 2016](/docker-ee-for-windows/install/#using-a-script-to-install-docker-ee). -For internal development, install the dev binaries in the zip archive at -[windows/amd64/docker-17.06.0-dev.zip](https://master.dockerproject.org/windows/amd64/docker-17.06.0-dev.zip), -because you need version 17.06 or later to join a UCP swarm. For Beta, the binaries -will be available publicly at [download.docker.com](https://download.docker.com/components/engine/windows-server). +[Install Docker EE](/docker-ee-for-windows/install/#using-a-script-to-install-docker-ee) +on a Windows Server 2016 instance to enable joining a swarm that's managed by +UCP. + +> Internal development +> +> For internal development, install the dev binaries in the zip archive at +> [windows/amd64/docker-17.06.0-dev.zip](https://master.dockerproject.org/windows/amd64/docker-17.06.0-dev.zip), +> because you need version 17.06 or later to join a UCP swarm. For Beta, the binaries +> will be available publicly at [download.docker.com](https://download.docker.com/components/engine/windows-server). ## Configure the Windows node -Follow these steps to configure the docker daemon and the Windows environment to enable -joining a UCP cluster. +Follow these steps to configure the docker daemon and the Windows environment. 1. Pull the Windows-specific image of `ucp-agent`, which is named `ucp-agent-win`. 2. Run the Windows worker setup script provided with `ucp-agent-win`. @@ -49,16 +52,17 @@ On a manager node, run the following command to list the images that are require on Windows nodes. ```bash -$ docker run --rm dockerorcadev/ucp:2.2.0-latest images --list --image-version dev: --enable-windows +$ docker container run --rm dockerorcadev/ucp:2.2.0-latest images --list --image-version dev: --enable-windows dockerorcadev/ucp-agent-win:2.2.0-5213679 dockerorcadev/ucp-dsinfo-win:2.2.0-5213679 ``` On Windows Server 2016, in a PowerShell terminal running as Administrator, -login to Docker Hub with the `docker login` command and pull the listed images. +log in to Docker Hub with the `docker login` command and pull the listed images. ```ps PS> docker pull dockerorcadev/ucp-agent-win:2.2.0-5213679 +PS> docker pull dockerorcadev/ucp-dsinfo-win:2.2.0-5213679 ``` ### Run the Windows node setup script @@ -70,20 +74,54 @@ for the Docker daemon to communicate securely. Run this command: PS> docker run --rm dockerorcadev/ucp-agent-win:2.2.0-5213679 windows-script | powershell -noprofile -noninteractive -command 'Invoke-Expression -Command $input' ``` -The Windows node is ready to join the swarm. +The Windows node is ready to join the swarm. Run the setup script on each +instance of Windows Server that will be a worker node. + +> Internal development +> +> For internal development, you need to +> [run these commands manually](#configure-a-windows-worker-node-manually), +> because the script assumes access to public images. You need to be logged in +> to Docker Hub. + +### Compatibility with daemon.json + +The script may be incompatible with installations that use a config file at +`C:\ProgramData\docker\config\daemon.json`. If you use such a file, make sure +that the daemon runs on port 2376 and that it uses certificates located in +`C:\ProgramData\docker\daemoncerts`. If certificates don't exist in this +directory, run `ucp-agent-win generate-certs`, as shown in Step 2 of the +[Set up certs for the dockerd service](#set-up-certs-for-the-dockerd-service) +procedure. + +In the daemon.json file, set the `tlscacert`, `tlscert`, and `tlskey` options +to the corresponding files in `C:\ProgramData\docker\daemoncerts`: + +```json +{ +... + "debug": true, + "tls": true, + "tlscacert": "C:\ProgramData\docker\daemoncerts\ca.pem", + "tlscert": "C:\ProgramData\docker\daemoncerts\cert.pem", + "tlskey": "C:\ProgramData\docker\daemoncerts\key.pem", + "tlsverify": true, +... +} +``` ## Join the Windows node to the swarm Now you can join the UCP cluster by using the `docker swarm join` command that's -provided by the UCP web UI. For more info, see -[Join worker nodes](/datacenter/ucp/2.2/guides/admin/install/#step-7-join-worker-nodes). +provided by the UCP web UI. [Learn to add nodes to your swarm](scale-your-cluster.md). The command looks similar to the following. ```ps PS> docker swarm join --token ``` -Run the setup script on each instance of Windows Server that will be a worker node. +Run the `docker swarm join` command on each instance of Windows Server that +will be a worker node. ## Configure a Windows worker node manually @@ -91,9 +129,6 @@ The following sections describe how to run the commands in the setup script manually to configure the `dockerd` service and the Windows environment. The script opens ports in the firewall and sets up certificates for `dockerd`. ->**Note**: For internal development, you need to run these commands manually, -because the script assumes access to public images. You need to be logged in to Docker Hub. - To see the script, you can run the `windows-script` command without piping to the `Invoke-Expression` cmdlet. @@ -134,8 +169,8 @@ PS> netsh advfirewall firewall add rule name="docker_proxy" dir=in action=allow The `dockerd` service and the Windows environment are now configured to join a UCP swarm. ->**Tip:** If the TLS certificates aren't set up correctly, the UCP web UI shows the ->following warning. +> **Tip:** If the TLS certificates aren't set up correctly, the UCP web UI shows the +> following warning. ``` Node WIN-NOOQV2PJGTE is a Windows node that cannot connect to its local Docker daemon.