docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update DTR cli reference

This commit is contained in:
Joao Fernandes 2017-07-07 18:55:22 -07:00 committed by Jim Galasyn
parent e10907abd4
commit c4aa4ec28a
10 changed files with 187 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
datacenter/dtr/2.3/reference/cli/backup.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr backup title: docker/dtr backup
keywords: docker, dtr, cli, backup
description: Create a backup of DTR description: Create a backup of DTR
keywords: dtr, cli, backup
--- ---
Create a backup of DTR Create a backup of DTR
@ -37,15 +37,16 @@ Note:
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--existing-replica-id`|The ID of an existing DTR replica| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-username`|Username to use when pulling images| | `--existing-replica-id` | $DTR_REPLICA_ID | The ID of an existing DTR replica.To safely remove a DTR replica from the cluster, the remove command needs to notify a healthy replica about the replica that's about to be removed.. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-password`|The UCP administrator password| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
|`--ucp-username`|The UCP administrator username| | `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
| `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |

31
datacenter/dtr/2.3/reference/cli/destroy.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr destroy title: docker/dtr destroy
keywords: docker, dtr, cli, destroy
description: Destroy a DTR replica's data description: Destroy a DTR replica's data
keywords: dtr, cli, destroy
--- ---
Destroy a DTR replica's data Destroy a DTR replica's data
@ -16,20 +16,25 @@ docker run -it --rm docker/dtr \
## Description ## Description
This command forcefully removes all containers and volumes associated with the given DTR replica without notifying the rest of the cluster. Use it on all replicas when you want to uninstall DTR. This command forcefully removes all containers and volumes associated with
a DTR replica without notifying the rest of the cluster. Use this command
on all replicas uninstall DTR.
Use the 'remove' command to gracefully scale down your DTR cluster.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--replica-id`|The ID of the replica to destroy| | `--replica-id` | $DTR_DESTROY_REPLICA_ID | The ID of the replica to destroy. |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
|`--ucp-username`|The UCP administrator username| | `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |
|`--ucp-password`|The UCP administrator password| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--hub-username`|Username to use when pulling images| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--hub-password`|Password to use when pulling images| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
| `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |

2
datacenter/dtr/2.3/reference/cli/images.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr images title: docker/dtr images
keywords: docker, dtr, cli, images
description: List all the images necessary to install DTR description: List all the images necessary to install DTR
keywords: dtr, cli, images
--- ---
List all the images necessary to install DTR List all the images necessary to install DTR

26
datacenter/dtr/2.3/reference/cli/index.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr overview title: docker/dtr overview
keywords: docker, dtr, install, uninstall, configure
description: Learn about the commands available in the docker/dtr image. description: Learn about the commands available in the docker/dtr image.
keywords: dtr, install, uninstall, configure
--- ---
This tool has commands to install, configure, and backup Docker This tool has commands to install, configure, and backup Docker
@ -22,16 +22,16 @@ docker run -it --rm docker/dtr \
## Commands ## Commands
| Option | Description | | Option | Description |
|:-----------------------------|:---------------------------| |:------------------------------------------|:---------------------------|
|`install`| Install Docker Trusted Registry| |[install](install)| Install Docker Trusted Registry |
|`join`| Add a new replica to an existing DTR cluster| |[join](join)| Add a new replica to an existing DTR cluster |
|`reconfigure`| Change DTR configurations| |[reconfigure](reconfigure)| Change DTR configurations |
|`remove`| Remove a DTR replica from a cluster| |[remove](remove)| Remove a DTR replica from a cluster |
|`destroy`| Destroy a DTR replica's data| |[destroy](destroy)| Destroy a DTR replica's data |
|`restore`| Install and restore DTR from an existing backup| |[restore](restore)| Install and restore DTR from an existing backup |
|`backup`| Create a backup of DTR| |[backup](backup)| Create a backup of DTR |
|`upgrade`| Upgrade DTR 2.0.0 or later cluster to this version| |[upgrade](upgrade)| Upgrade DTR 2.0.0 or later cluster to this version |
|`dumpcerts`| Print the TLS certificates used by DTR| |[dumpcerts](dumpcerts)| Print the TLS certificates used by DTR |
|`images`| List all the images necessary to install DTR| |[images](images)| List all the images necessary to install DTR |

66
datacenter/dtr/2.3/reference/cli/install.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr install title: docker/dtr install
keywords: docker, dtr, cli, install
description: Install Docker Trusted Registry description: Install Docker Trusted Registry
keywords: dtr, cli, install
--- ---
Install Docker Trusted Registry Install Docker Trusted Registry
@ -24,42 +24,42 @@ command.
Example usage: Example usage:
$ docker run -it --rm docker/dtr:2.2.0 install \ $ docker run -it --rm dtr-internal.caas.docker.io/caas/dtr:2.4.0-alpha-008434_ge02413a install \
--ucp-node <UCP_NODE_HOSTNAME> \ --ucp-node <UCP_NODE_HOSTNAME> \
--ucp-insecure-tls --ucp-insecure-tls
Note: We recommend --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a production deployment. Note: Use --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a production deployment.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--dtr-ca`|Use a PEM-encoded TLS CA certificate for DTR. If not provided, one will be generated at install time.| | `--dtr-ca` | $DTR_CA | Use a PEM-encoded TLS CA certificate for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS CA certificate with --dtr-ca "$(cat ca.pem)". |
|`--dtr-cert`|Use a PEM-encoded TLS certificate for DTR. If not provided, one will be generated at install time.| | `--dtr-cert` | $DTR_CERT | Use a PEM-encoded TLS certificate for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS certificate with --dtr-cert "$(cat ca.pem)". |
|`--dtr-external-url`|URL of the host or load balancer clients use to reach DTR. Format https://host[:port]| | `--dtr-external-url` | $DTR_EXTERNAL_URL | URL of the host or load balancer clients use to reach DTR.When you use this flag, users are redirected to UCP for logging in. Once authenticated they are redirected to the url you specify in this flag. If you don't use this flag, DTR is deployed without single sign-on with UCP. Users and teams are shared but users login separately into the two applications. You can enable and disable single sign-on in the DTR settings. Format https://host[:port], where port is the value you used with --replica-https-port. |
|`--dtr-key`|Use a PEM-encoded TLS private key for DTR. If not provided, one will be generated at install time.| | `--dtr-key` | $DTR_KEY | Use a PEM-encoded TLS private key for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS private key with --dtr-key "$(cat ca.pem)". |
|`--dtr-storage-volume`|Full path or volume name to store Docker images in the local filesystem| | `--dtr-storage-volume` | $DTR_STORAGE_VOLUME | Customize the volume to store Docker images.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify a full path or volume name for DTR to store images. For high-availability, make sure all DTR replicas can read and write data on this volume. If you're using NFS, use --nfs-storage-url instead. |
|`--enable-pprof`|Enables pprof profiling of the server| | `--enable-pprof` | $DTR_PPROF | Enables pprof profiling of the server.Once DTR is deployed with this flag, you can access the pprof endpoint for the api server at /debug/pprof, and the registry endpoint at /registry_debug_pprof/debug/pprof. |
|`--extra-envs`|Environment variables or swarm constraints for DTR containers. Format var=val[&var=val]| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--http-proxy`|The HTTP proxy used for outgoing requests| | `--enzi-host` | $ENZI_HOST | The Enzi host. Format host[:port]. |
|`--https-proxy`|The HTTPS proxy used for outgoing requests| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--hub-username`|Username to use when pulling images| | `--http-proxy` | $DTR_HTTP_PROXY | The HTTP proxy used for outgoing requests. |
|`--log-host`|Endpoint to send logs to, required if --log-protocol is tcp or udp| | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
|`--log-level`|Log level for container logs. Default: INFO| | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
|`--log-protocol`|The protocol for sending container logs: tcp, tcp+tls, udp or internal. Default: internal| | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
|`--nfs-storage-url`|NFS to store Docker images. Requires NFS client libraries. Format nfs://<ip|hostname>/<mountpoint>| | `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
|`--no-proxy`|Don't use a proxy for these domains. Format acme.org[, acme.com]| | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
|`--overlay-subnet`|The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24| | `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
|`--replica-http-port`|The public HTTP port for the DTR replica. Default is 80| | `--overlay-subnet` | $DTR_OVERLAY_SUBNET | The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24.For high-availalibity, DTR creates an overlay network between UCP nodes. This flag allows you to choose the subnet for that network. Make sure the subnet you choose is not used on any machine where DTR replicas are deployed. |
|`--replica-https-port`|The public HTTPS port for the DTR replica. Default is 443| | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
|`--replica-id`|Assign an ID to the DTR replica. By default the ID is random| | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-node`|The hostname of the target UCP node. Set to empty string or "_random_" to pick one at random.| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-password`|The UCP administrator password| | `--ucp-node` | $UCP_NODE | The hostname of the UCP node to deploy DTR. Random by default.You can find the hostnames of the nodes in the cluster in the UCP web UI, or by running 'docker node ls' on a UCP manager node.. |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
|`--ucp-username`|The UCP administrator username| | `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
|`--unsafe`|Allow DTR to be installed on any engine version| | `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |

39
datacenter/dtr/2.3/reference/cli/join.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr join title: docker/dtr join
keywords: docker, dtr, cli, join
description: Add a new replica to an existing DTR cluster description: Add a new replica to an existing DTR cluster
keywords: dtr, cli, join
--- ---
Add a new replica to an existing DTR cluster Add a new replica to an existing DTR cluster
@ -19,23 +19,22 @@ For setting DTR for high-availability, create 3, 5, or 7 replicas of DTR.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--existing-replica-id`|The ID of an existing DTR replica| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--extra-envs`|Environment variables or swarm constraints for DTR containers. Format var=val[&var=val]| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--existing-replica-id` | $DTR_REPLICA_ID | The ID of an existing DTR replica.To safely remove a DTR replica from the cluster, the remove command needs to notify a healthy replica about the replica that's about to be removed.. |
|`--hub-username`|Username to use when pulling images| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--replica-http-port`|The public HTTP port for the DTR replica. Default is 80| | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
|`--replica-https-port`|The public HTTPS port for the DTR replica. Default is 443| | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
|`--replica-id`|Assign an ID to the DTR replica. By default the ID is random| | `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. |
|`--skip-network-test`|Don't test if overlay networks are working correctly between UCP nodes| | `--skip-network-test` | $DTR_SKIP_NETWORK_TEST | Don't test if overlay networks are working correctly between UCP nodes.For high-availalibity, DTR creates an overlay network between UCP nodes and tests that it is working when joining replicas. Don't use this option for production deployments. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-node`|The hostname of the target UCP node. Set to empty string or "_random_" to pick one at random.| | `--ucp-node` | $UCP_NODE | The hostname of the UCP node to deploy DTR. Random by default.You can find the hostnames of the nodes in the cluster in the UCP web UI, or by running 'docker node ls' on a UCP manager node.. |
|`--ucp-password`|The UCP administrator password| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
|`--ucp-username`|The UCP administrator username| | `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |
|`--unsafe`|Allow DTR to be installed on any engine version| | `--unsafe-join` | $DTR_UNSAFE_JOIN | Join a new replica even if the cluster is unhealthy.Joining replicas to an unhealthy DTR cluster leads to split-brain scenarios, and data loss. Don't use this option for production deployments. |
|`--unsafe-join`|Perform the join despite the cluster containing unhealthy replicas.|

56
datacenter/dtr/2.3/reference/cli/reconfigure.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr reconfigure title: docker/dtr reconfigure
keywords: docker, dtr, cli, reconfigure
description: Change DTR configurations description: Change DTR configurations
keywords: dtr, cli, reconfigure
--- ---
Change DTR configurations Change DTR configurations
@ -24,30 +24,32 @@ time, configure your DTR for high-availability.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--dtr-ca`|Use a PEM-encoded TLS CA certificate for DTR. If not provided, one will be generated at install time.| | `--dtr-ca` | $DTR_CA | Use a PEM-encoded TLS CA certificate for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS CA certificate with --dtr-ca "$(cat ca.pem)". |
|`--dtr-cert`|Use a PEM-encoded TLS certificate for DTR. If not provided, one will be generated at install time.| | `--dtr-cert` | $DTR_CERT | Use a PEM-encoded TLS certificate for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS certificate with --dtr-cert "$(cat ca.pem)". |
|`--dtr-external-url`|URL of the host or load balancer clients use to reach DTR. Format https://host[:port]| | `--dtr-external-url` | $DTR_EXTERNAL_URL | URL of the host or load balancer clients use to reach DTR.When you use this flag, users are redirected to UCP for logging in. Once authenticated they are redirected to the url you specify in this flag. If you don't use this flag, DTR is deployed without single sign-on with UCP. Users and teams are shared but users login separately into the two applications. You can enable and disable single sign-on in the DTR settings. Format https://host[:port], where port is the value you used with --replica-https-port. |
|`--dtr-key`|Use a PEM-encoded TLS private key for DTR. If not provided, one will be generated at install time.| | `--dtr-key` | $DTR_KEY | Use a PEM-encoded TLS private key for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS private key with --dtr-key "$(cat ca.pem)". |
|`--dtr-storage-volume`|Full path or volume name to store Docker images in the local filesystem| | `--dtr-storage-volume` | $DTR_STORAGE_VOLUME | Customize the volume to store Docker images.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify a full path or volume name for DTR to store images. For high-availability, make sure all DTR replicas can read and write data on this volume. If you're using NFS, use --nfs-storage-url instead. |
|`--enable-pprof`|Enables pprof profiling of the server| | `--enable-pprof` | $DTR_PPROF | Enables pprof profiling of the server.Once DTR is deployed with this flag, you can access the pprof endpoint for the api server at /debug/pprof, and the registry endpoint at /registry_debug_pprof/debug/pprof. |
|`--existing-replica-id`|The ID of an existing DTR replica| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--http-proxy`|The HTTP proxy used for outgoing requests| | `--enzi-host` | $ENZI_HOST | The Enzi host. Format host[:port]. |
|`--https-proxy`|The HTTPS proxy used for outgoing requests| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--existing-replica-id` | $DTR_REPLICA_ID | The ID of an existing DTR replica.To safely remove a DTR replica from the cluster, the remove command needs to notify a healthy replica about the replica that's about to be removed.. |
|`--hub-username`|Username to use when pulling images| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--log-host`|Endpoint to send logs to, required if --log-protocol is tcp or udp| | `--http-proxy` | $DTR_HTTP_PROXY | The HTTP proxy used for outgoing requests. |
|`--log-level`|Log level for container logs. Default: INFO| | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
|`--log-protocol`|The protocol for sending container logs: tcp, tcp+tls, udp or internal. Default: internal| | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
|`--nfs-storage-url`|NFS to store Docker images. Requires NFS client libraries. Format nfs://<ip|hostname>/<mountpoint>| | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
|`--no-proxy`|Don't use a proxy for these domains. Format acme.org[, acme.com]| | `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
|`--replica-http-port`|The public HTTP port for the DTR replica. Default is 80| | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
|`--replica-https-port`|The public HTTPS port for the DTR replica. Default is 443| | `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
|`--ucp-password`|The UCP administrator password| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-username`|The UCP administrator username| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
| `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
| `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |

32
datacenter/dtr/2.3/reference/cli/remove.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr remove title: docker/dtr remove
keywords: docker, dtr, cli, remove
description: Remove a DTR replica from a cluster description: Remove a DTR replica from a cluster
keywords: dtr, cli, remove
--- ---
Remove a DTR replica from a cluster Remove a DTR replica from a cluster
@ -16,21 +16,25 @@ docker run -it --rm docker/dtr \
## Description ## Description
This command gracefully scales down your DTR cluster by removing exactly one replica. All other replicas must be healthy and will remain healthy after this operation. This command gracefully scales down your DTR cluster by removing exactly
one replica. All other replicas must be healthy and will remain healthy after
this operation.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--existing-replica-id`|The ID of an existing DTR replica| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-username`|Username to use when pulling images| | `--existing-replica-id` | $DTR_REPLICA_ID | The ID of an existing DTR replica.To safely remove a DTR replica from the cluster, the remove command needs to notify a healthy replica about the replica that's about to be removed.. |
|`--replica-id`|The ID of the replica you want to remove from the cluster| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--replica-id` | $DTR_REMOVE_REPLICA_ID | DEPRECATED Alias for --replica-ids. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--replica-ids` | $DTR_REMOVE_REPLICA_IDS | A comma separated list of IDs of replicas to remove from the cluster. |
|`--ucp-password`|The UCP administrator password| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-username`|The UCP administrator username| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
| `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
| `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |

59
datacenter/dtr/2.3/reference/cli/restore.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr restore title: docker/dtr restore
keywords: docker, dtr, cli, restore
description: Install and restore DTR from an existing backup description: Install and restore DTR from an existing backup
keywords: dtr, cli, restore
--- ---
Install and restore DTR from an existing backup Install and restore DTR from an existing backup
@ -29,32 +29,33 @@ After restoring, you can add more DTR replicas by using the the 'join' command.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--dtr-ca`|Use a PEM-encoded TLS CA certificate for DTR. If not provided, one will be generated at install time.| | `--dtr-ca` | $DTR_CA | Use a PEM-encoded TLS CA certificate for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS CA certificate with --dtr-ca "$(cat ca.pem)". |
|`--dtr-cert`|Use a PEM-encoded TLS certificate for DTR. If not provided, one will be generated at install time.| | `--dtr-cert` | $DTR_CERT | Use a PEM-encoded TLS certificate for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS certificate with --dtr-cert "$(cat ca.pem)". |
|`--dtr-external-url`|URL of the host or load balancer clients use to reach DTR. Format https://host[:port]| | `--dtr-external-url` | $DTR_EXTERNAL_URL | URL of the host or load balancer clients use to reach DTR.When you use this flag, users are redirected to UCP for logging in. Once authenticated they are redirected to the url you specify in this flag. If you don't use this flag, DTR is deployed without single sign-on with UCP. Users and teams are shared but users login separately into the two applications. You can enable and disable single sign-on in the DTR settings. Format https://host[:port], where port is the value you used with --replica-https-port. |
|`--dtr-key`|Use a PEM-encoded TLS private key for DTR. If not provided, one will be generated at install time.| | `--dtr-key` | $DTR_KEY | Use a PEM-encoded TLS private key for DTR.By default DTR generates a self-signed TLS certificate during deployment. You can use your own TLS private key with --dtr-key "$(cat ca.pem)". |
|`--dtr-storage-volume`|Full path or volume name to store Docker images in the local filesystem| | `--dtr-storage-volume` | $DTR_STORAGE_VOLUME | Customize the volume to store Docker images.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify a full path or volume name for DTR to store images. For high-availability, make sure all DTR replicas can read and write data on this volume. If you're using NFS, use --nfs-storage-url instead. |
|`--enable-pprof`|Enables pprof profiling of the server| | `--enable-pprof` | $DTR_PPROF | Enables pprof profiling of the server.Once DTR is deployed with this flag, you can access the pprof endpoint for the api server at /debug/pprof, and the registry endpoint at /registry_debug_pprof/debug/pprof. |
|`--extra-envs`|Environment variables or swarm constraints for DTR containers. Format var=val[&var=val]| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--http-proxy`|The HTTP proxy used for outgoing requests| | `--enzi-host` | $ENZI_HOST | The Enzi host. Format host[:port]. |
|`--https-proxy`|The HTTPS proxy used for outgoing requests| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--hub-username`|Username to use when pulling images| | `--http-proxy` | $DTR_HTTP_PROXY | The HTTP proxy used for outgoing requests. |
|`--log-host`|Endpoint to send logs to, required if --log-protocol is tcp or udp| | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
|`--log-level`|Log level for container logs. Default: INFO| | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
|`--log-protocol`|The protocol for sending container logs: tcp, tcp+tls, udp or internal. Default: internal| | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
|`--nfs-storage-url`|NFS to store Docker images. Requires NFS client libraries. Format nfs://<ip|hostname>/<mountpoint>| | `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
|`--no-proxy`|Don't use a proxy for these domains. Format acme.org[, acme.com]| | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
|`--replica-http-port`|The public HTTP port for the DTR replica. Default is 80| | `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
|`--replica-https-port`|The public HTTPS port for the DTR replica. Default is 443| | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
|`--replica-id`|Assign an ID to the DTR replica. By default the ID is random| | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-node`|The hostname of the target UCP node. Set to empty string or "_random_" to pick one at random.| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-password`|The UCP administrator password| | `--ucp-node` | $UCP_NODE | The hostname of the UCP node to deploy DTR. Random by default.You can find the hostnames of the nodes in the cluster in the UCP web UI, or by running 'docker node ls' on a UCP manager node.. |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
|`--ucp-username`|The UCP administrator username| | `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
| `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |

26
datacenter/dtr/2.3/reference/cli/upgrade.md
View File

@ -1,7 +1,7 @@
--- ---
title: docker/dtr upgrade title: docker/dtr upgrade
keywords: docker, dtr, cli, upgrade
description: Upgrade DTR 2.0.0 or later cluster to this version description: Upgrade DTR 2.0.0 or later cluster to this version
keywords: dtr, cli, upgrade
--- ---
Upgrade DTR 2.0.0 or later cluster to this version Upgrade DTR 2.0.0 or later cluster to this version
@ -21,16 +21,16 @@ This command upgrades DTR 2.0.0 or later to the current version of this image.
## Options ## Options
| Option | Description | | Option | Environment Variable | Description |
|:--------------------------|:---------------------------| |:------------------------------|:--------------------------|:-------------------------------------------------------------------------------------|
|`--debug`|Enable debug mode for additional logging| | `--debug` | $DEBUG | Enable debug mode for additional logs. |
|`--existing-replica-id`|The ID of an existing DTR replica| | `--enzi-ca` | $ENZI_TLS_CA | Use a PEM-encoded TLS CA certificate for Enzi. |
|`--hub-password`|Password to use when pulling images| | `--enzi-insecure-tls` | $ENZI_TLS_INSECURE | Disable TLS verification for Enzi. |
|`--hub-username`|Username to use when pulling images| | `--existing-replica-id` | $DTR_REPLICA_ID | The ID of an existing DTR replica.To safely remove a DTR replica from the cluster, the remove command needs to notify a healthy replica about the replica that's about to be removed.. |
|`--ucp-ca`|Use a PEM-encoded TLS CA certificate for UCP| | `--help-extended` | $DTR_EXTENDED_HELP | Display extended help text for a given command. |
|`--ucp-insecure-tls`|Disable TLS verification for UCP| | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |
|`--ucp-password`|The UCP administrator password| | `--ucp-insecure-tls` | $UCP_INSECURE_TLS | Disable TLS verification for UCP.The installation uses TLS but always trusts the TLS certificate used by UCP, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead. |
|`--ucp-url`|The UCP URL including domain and port| | `--ucp-password` | $UCP_PASSWORD | The UCP administrator password. |
|`--ucp-username`|The UCP administrator username| | `--ucp-url` | $UCP_URL | The UCP URL including domain and port. |
|`--unsafe-upgrade`|Perform the upgrade ignoring version checks.| | `--ucp-username` | $UCP_USERNAME | The UCP administrator username. |