docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1371 from carolfh/dtr143 

files ready for dtr 143 review
This commit is contained in:
moxiegirl 2016-02-22 16:26:35 -08:00
parent f619118063 563efc2287
commit ce2a40afdb
10 changed files with 313 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/repo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

30
cse-prior-release-notes.md
View File

@ -13,6 +13,36 @@ weight=103
This document contains the previous versions of the commercially supported
Docker Engine release notes. It includes issues, fixes, and new features.
## CS Engine 1.9.0
(12 November 2015)
Highlighted feature summary:
* Network Management and Plugins. Networks are now first class objects that can be listed, created, deleted, inspected, and connected to or disconnected from a
container. They can be manipulated outside of the container themselves and are
fully manageable on its own lifecycle. You can also use plugins to extend
network functionality.
* Docker, Inc. now provides support for the in-box Overlay (for cross-host networking) and Bridge network plugins. You can find more information about how
to manage networks and using network plugins in the [documentation](https://docs.docker.com/engine/userguide/networking/dockernetworks/).
* Volume Management and Plugins. Volumes also become discrete, manageable objects in Docker. Volumes can be listed, created, deleted, and inspected.
Similar to networks, they have their own managed lifecycle outside of the
container. Plugins allow others to write and extend the functionality of volumes
or provide integration with other types of storage.
* The in-box volume driver is included and supported. You can find more information about how to manage volumes and using volume plugins in the
documentation.
* Docker Content Trust. Use Content Trust to both verify the integrity and the publisher of all the data received from a registry over any channel. Content Trust is currently only supported using Docker Hub notary servers.
* Updated the release cadence of the CS Docker Engine. Starting with this version, Docker supports **every** major release of Docker Engine from open
source with three releases under support at one time. This means youll be able
to take advantage of the latest and greatest features and you wont have to wait
for a supported release to take advantage of a specific feature.
Refer to the [detailed list](https://github.com/docker/docker/releases) of all changes since the release of CS Engine 1.6.
## CS Engine 1.6.2-cs7
(12 October 2015)

37
cse-release-notes.md
View File

@ -25,6 +25,13 @@ cannot be adopted as quickly for consistency and compatibility reasons.
These notes refer to the current and immediately prior releases of the
CS Engine. For notes on older versions, see the [CS Engine prior release notes archive](cse-prior-release-notes.md).
## CS Engine 1.10.2-cs1
(22 February 2016)
In this release the CS Engine is supported on SUSE Linux Enterprise 12 OS.
Refer to the [detailed list](https://github.com/docker/docker/releases) of all changes since the release of CS Engine 1.9.1.
## CS Engine 1.9.1-cs3
(6 January 2016)
@ -57,33 +64,3 @@ Starting with this release, upgrading minor versions, for example, from 1.9.0 to
You can refer to the detailed list of all changes since the release of CS Engine
1.9.0
https://github.com/docker/docker/releases.
## CS Engine 1.9.0
(12 November 2015)
Highlighted feature summary:
* Network Management and Plugins. Networks are now first class objects that can be listed, created, deleted, inspected, and connected to or disconnected from a
container. They can be manipulated outside of the container themselves and are
fully manageable on its own lifecycle. You can also use plugins to extend
network functionality.
* Docker, Inc. now provides support for the in-box Overlay (for cross-host networking) and Bridge network plugins. You can find more information about how
to manage networks and using network plugins in the [documentation](https://docs.docker.com/engine/userguide/networking/dockernetworks/).
* Volume Management and Plugins. Volumes also become discrete, manageable objects in Docker. Volumes can be listed, created, deleted, and inspected.
Similar to networks, they have their own managed lifecycle outside of the
container. Plugins allow others to write and extend the functionality of volumes
or provide integration with other types of storage.
* The in-box volume driver is included and supported. You can find more information about how to manage volumes and using volume plugins in the
documentation.
* Docker Content Trust. Use Content Trust to both verify the integrity and the publisher of all the data received from a registry over any channel. Content Trust is currently only supported using Docker Hub notary servers.
* Updated the release cadence of the CS Docker Engine. Starting with this version, Docker supports **every** major release of Docker Engine from open
source with three releases under support at one time. This means youll be able
to take advantage of the latest and greatest features and you wont have to wait
for a supported release to take advantage of a specific feature.
Refer to the [detailed list](https://github.com/docker/docker/releases) of all changes since the release of CS Engine 1.6.

BIN
images/repo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

11
install/install-csengine.md
View File

@ -11,7 +11,10 @@ parent="workw_dtr_install"
This document describes the process of installing the commercially supported
Docker Engine (CS Engine). Installing the CS Engine is a prerequisite for
installing Docker Trusted Registry and/or the Universal Control Plane (UCP). Follow these instructions if you are installing the CS Engine on physical or cloud infrastructures.
installing Docker Trusted Registry and/or the Universal Control Plane (UCP).
Follow these instructions if you are installing the CS Engine on physical or
cloud infrastructures.
You first install the CS Engine before you install Docker Trusted Registry.
However, if you are upgrading, you reverse that order and upgrade the Trusted
@ -24,11 +27,13 @@ using an Amazon Machine Image (AMI). For more information, read the [installatio
The CS Engine is supported on the following operating systems:
* [CentOS 7.1/7.2 & RHEL 7.0/7.1 (YUM-based systems)](#install-on-centos-7-1-rhel-7-0-7-1-yum-based-systems)
* [Ubuntu 14.04 LTS](#install-on-ubuntu-14-04-lts)
* [SUSE Linux Enterprise 12](#install-on-suse-linux-enterprise-12-3)
## Install on CentOS 7.1/7.2 & RHEL 7.0/7.1 (YUM-based systems)
## Install CentOS 7.1/7.2 & RHEL 7.0/7.1 (YUM-based systems)
This section explains how to install on CentOS 7.1/7.2 & RHEL 7.0/7.1. Only
these versions are supported. CentOS 7.0 is **not** supported. On RHEL,
@ -51,6 +56,7 @@ to update its RHEL kernel.
version of the CS Engine. Each time you either install or upgrade, ensure that
you are requesting the version and the OS that you want.
```
$ sudo yum-config-manager --add-repo https://packages.docker.com/1.10/yum/repo/main/centos/7
```
@ -145,6 +151,7 @@ you are requesting the version and the OS that you want.
Log out and log back in to have your new permissions take effect.
## Install on SUSE Linux Enterprise 12.3
1. Log into the system as a user with root or sudo permissions.

189
install/install-dtr-offline.md Normal file
View File

@ -0,0 +1,189 @@
+++
title = "Install the Trusted Registry offline"
description = "Install the Trusted Registry offline"
keywords = ["docker, documentation, about, technology, understanding, enterprise, hub, offline, Trusted Registry, registry"]
[menu.main]
parent="workw_dtr_install"
+++
# Install the Trusted Registry offline
This document describes the process of obtaining, installing, and securing
Docker Trusted Registry offline. Since your system is not connected to the internet, there will be no notifications regarding upgrading either the CS Engine or the Trusted Registry. You will also not be able to link from the Trusted Registry UI to our documentation except for the API documentation. Docker recommends that you contact customer support to obtain the latest information.
For more information about installing, read the
[installation overview](index.md) to understand your options.
## Prerequisites
Docker Trusted Registry runs on the following 64-bit platforms:
* Ubuntu 14.04 LTS
* RHEL 7.0 and 7.1
* CentOS 7.1
* SUSE Linux Enterprise 12
Docker Trusted Registry requires the latest commercially supported Docker Engine (CS Engine), running on a supported host.
The Docker daemon listens to the Unix socket (the default) so that it can be
bind-mounted into the Trusted Registry management containers. This allows
Trusted Registry to manage itself and its updates. For this reason, the host you
install on needs internet connectivity so it can access the updates.
Additionally, your host needs to have TCP ports `80` and `443` available for the
Docker Trusted Registry container port mapping.
Installing Trusted Registry requires that you have a login to Docker Hub (or the
user-name of an administrator of the Hub organization that obtained an
Enterprise license. If you already installed CS Engine, you should already have a [Hub account](https://hub.docker.com).
Also, you must have a license for Docker Trusted Registry. This license allows
you to run both Docker Trusted Registry and CS Engine. Before installing,
[purchase a license or sign up for a free, 30 day trial license](https://hub.docker.com/enterprise/).
## Install Docker Trusted Registry
Trusted Registry is a self-installing application built and distributed using
Docker and the [Docker Hub](https://hub.docker.com/). You install Docker Trusted
Registry by running the "docker/trusted-registry" container. Once installed, it
is able to restart and reconfigure itself using the Docker socket that is
bind-mounted to this container.
1. Since you are retrieving a large file, use the `wget` command in your command line to get the Trusted Registry files. The following command is an example getting DTR 1.4.3. Ensure to get your correct version.
`wget https://packages.docker.com/dtr/1.4/dtr-1.4.3.tar`
2. After downloading, move the `tar` file to the offline machine you want to install the Trusted Registry.
3. On that machine, verify that the CS Engine is installed. If it is not, see the [CS Engine install directions](install-csengine.md).
`$ docker --version`
> **Note:** To remain compliant with your Docker Trusted Registry support agreement, you **must** use the current version of commercially supported Docker Engine. Running the open source version of Engine is **not** supported.
5. Open a terminal window on that machine and load the `tar` file using the following command. Again, ensure you get the correct version.
`$ sudo docker load < dtr-1.4.3.tar`
6. Install the Trusted Registry with the following command:
`$ sudo bash -c "$(sudo docker run docker/trusted-registry install)"`
> **Note**: `sudo` is needed for `docker/trusted-registry` commands to
> ensure that the Bash script is run with full access to the Docker host.
The command runs the registry's containers from the images you loaded in the previous step. You will know that you successfully installed by the following in part:
Image is up to date for docker/trusted-registry:1.4.3
```
Checking for required image: docker/trusted-registry-distribution:v2.2.1
Checking for required image: postgres:9.4.1
...
INFO [1.4.3-003501_g657863b] Attempting to connect to docker engine dockerHost="unix:///var/run/docker.sock"
INFO [1.4.3-003501_g657863b] Running install command
INFO [1.4.3-003501_g657863b] Running pull command
INFO [1.4.3-003501_g657863b] Using links? false
INFO [1.4.3-003501_g657863b] DTR Network created
Bringing up docker_trusted_registry_postgres.
Creating container docker_trusted_registry_postgres with docker daemon unix:///var/run/docker.sock
Starting container docker_trusted_registry_postgres with docker daemon unix:///var/run/docker.sock
...
Bringing up docker_trusted_registry_log_aggregator.
Creating container docker_trusted_registry_log_aggregator with docker daemon unix:///var/run/docker.sock
Starting container docker_trusted_registry_log_aggregator with docker daemon unix:///var/run/docker.sock
Bringing up docker_trusted_registry_auth_server.
Creating container docker_trusted_registry_auth_server with docker daemon unix:///var/run/docker.sock
Starting container docker_trusted_registry_auth_server with docker daemon unix:///var/run/docker.sock
Bringing up docker_trusted_registry_postgres.
Creating container docker_trusted_registry_postgres with docker daemon unix:///var/run/docker.sock
Container already exists for daemon at unix:///var/run/docker.sock: docker_trusted_registry_postgres
Starting container docker_trusted_registry_postgres with docker daemon unix:///var/run/docker.sock
Container docker_trusted_registry_postgres is already running for daemon at unix:///var/run/docker.sock
```
5. Use `docker ps` to list all the running containers.
The listing should show the following were started:
* `docker_trusted_registry_load_balancer`
* `docker_trusted_registry_image_storage_0`
* `docker_trusted_registry_image_storage_1`
* `docker_trusted_registry_admin_server`
* `docker_trusted_registry_log_aggregator`
* `docker_trusted_registry_auth_server`
* `docker_trusted_registry_postgres`
6. Enter the `https://<host-ip>/` your browser's address bar to run the Trusted Registry interface.
Your browser warns you that this is an unsafe site, with a self-signed,
untrusted certificate. This is normal and expected; allow this connection
temporarily.
## Set the Trusted Registry domain name
The Docker Trusted Registry Administrator site will also warn that the "Domain Name" is not set.
1. Select "Settings" from the global nav bar at the top of the page, and then set the "Domain Name" to the full host-name of your Docker Trusted Registry server.
2. Click the "Save and Restart Docker Trusted Registry Server" button to generate a new certificate, which will be used
by both the Docker Trusted Registry Administrator web interface and the Docker Trusted Registry server.
3. After the server restarts, you will again need to allow the connection to the untrusted Docker Trusted Registry web admin site.
4. You see a warning notification that this instance of Docker Trusted Registry is unlicensed. You'll correct this in the next section.
## Apply your license
The Docker Trusted Registry services will not start until you apply your license.
To do that, you'll first download your license from the Docker Hub and then
upload it to your Docker Trusted Registry web admin server. Follow these steps:
1. If needed, log back into the [Docker Hub](https://hub.docker.com)
using the user-name you used when obtaining your license. Under your name, go to Settings to display the Account Settings page. Click the Licenses submenu to display the Licenses page.
2. There is a list of available licenses. Click the download button to
obtain the license file you want.
3. Go to your Docker Trusted Registry instance in your browser, click Settings in the global nav bar. Click License in the Settings nav bar. Click the Choose File button. It opens a standard file browser. Locate and select the license file you downloaded in the previous step. Approve the selection to close the dialog.
4. Click Save and restart. Docker Trusted Registry quits and then restarts with the applied the license.
5. Verify the acceptance of the license by confirming that the "Unlicensed copy"
warning is no longer present.
## Secure the Trusted Registry
Securing Docker Trusted Registry is **required**. You will not be able to push
or pull from Docker Trusted Registry until you secure it.
There are several options and methods for securing Docker Trusted Registry. For
more information, see the [configuration documentation](../configuration.md#security)
## Push and pull images
You have your Trusted Registry configured with a "Domain Name" and your
client Docker daemons configured with the required security settings. But
before you can test your setup by pushing an image, you need to create a repository first. Follow the instructions for [Using Docker
Trusted Registry to Push and pull images](../userguide.md) to create a repository and to push and pull images.
## Docker Trusted Registry web interface and registry authentication
By default, there is no authentication set on either the Docker Trusted Registry
web admin interface or the Docker Trusted Registry. You can restrict access
using an in-Docker Trusted Registry configured set of users (and passwords), or
you can configure Docker Trusted Registry to use LDAP based authentication.
See [Docker Trusted Registry Authentication settings](../configuration.md#authentication) for more details.
## See also
* To configure for your environment, see the
[configuration instructions](../configuration.md).
* To use Docker Trusted Registry, see [the User guide](../userguide.md).
* To make administrative changes, see [the Admin guide](../adminguide.md).
* To see previous changes, see [the release notes](../release-notes.md).

10
install/install-dtr.md
View File

@ -115,7 +115,7 @@ bind-mounted to this container.
* `docker_trusted_registry_auth_server`
* `docker_trusted_registry_postgres`
6. Enter the `https://<host-ip>/`` your browser;s address bar to run the Trusted Registry interface.
6. Enter the `https://<host-ip>/` your browser's address bar to run the Trusted Registry interface.
Your browser warns you that this is an unsafe site, with a self-signed,
untrusted certificate. This is normal and expected; allow this connection
@ -164,10 +164,10 @@ more information, see the [configuration documentation](../configure/configurati
## Push and pull images
Now that you have Docker Trusted Registry configured with a "Domain Name" and
have your client Docker daemons configured with the required security settings,
you can test your setup by following the instructions for [Using Docker Trusted
Registry to Push and pull images](../userguide.md).
You have your Trusted Registry configured with a "Domain Name" and your
client Docker daemons configured with the required security settings. But
before you can test your setup by pushing an image, you need to create a repository first. Follow the instructions for [Using Docker
Trusted Registry to Push and pull images](../userguide.md) to create a repository and to push and pull images.
## Docker Trusted Registry web interface and registry authentication

53
install/upgrade.md
View File

@ -17,7 +17,8 @@ Registry, that you also upgrade to the latest CS Engine.
The CS Engine has three upgrade paths which are described in this document:
* [**Legacy**: versions 1.6.x to 1.9.x onwards](#upgrade-legacy-to-the-latest-version")
* [**Legacy**: versions 1.6.x to 1.9.x onwards](#upgrade-legacy-to-latest-version")
* [**Major to major upgrades**: versions 1.9.0 to 1.10.x](#upgrade-major-to-major-versions")
* [**Minor to minor upgrades**: versions 1.10 to 1.10.x](#upgrade-minor-to-minor-versions")
@ -47,6 +48,33 @@ Available and an enabled button displays Update to version X.X.X.
The Dashboard displays a message that the upgrade successfully completed and that you need to upgrade to the latest CS Engine.
## Upgrade Docker Trusted Registry offline
To upgrade the Trusted Registry offline, perform the following steps:
1. Since you are retrieving a large file, use the `wget` command in your command line to get the Trusted Registry files. The following command is an example getting DTR 1.4.3. Ensure to get your correct version.
`wget https://packages.docker.com/dtr/1.4/dtr-1.4.3.tar`
2. After downloading, move the `tar` file to the offline machine you want to install the Trusted Registry.
3. On that machine, verify that the CS Engine is installed. If it is not, see the [CS Engine install directions](install-csengine.md).
`$ docker --version`
> **Note:** To remain compliant with your Docker Trusted Registry support agreement, you **must** use the current version of commercially supported Docker Engine. Running the open source version of Engine is **not** supported.
5. Open a terminal window on that machine and load the `tar` file using the following command. Again, ensure you get the correct version.
`$ sudo docker load < dtr-1.4.3.tar`
6. Upgrade the Trusted Registry with the following command:
`$ sudo bash -c "$(docker run dockerhubenterprise/trusted-registry-dev upgrade latest)"`
> **Note**: `sudo` is needed for `docker/trusted-registry` commands to
> ensure that the Bash script is run with full access to the Docker host.
### What is updated in the Trusted Registry?
The Trusted Registry pulls new container images from Docker Hub. Then it deploys those containers. Finally, it stops and removes the old containers.
@ -55,6 +83,7 @@ If the CS Engine is upgraded first, then the Trusted Registry can still be
upgraded from a command line by running the following command. Ensure to put the
correct version that you want.
```
$ sudo bash -c "$(sudo docker run docker/trusted-registry:1.3.3 upgrade 1.4.3)"
```
@ -117,12 +146,7 @@ Engine, and install the new version.
$ sudo systemctl start docker.service
```
7. Verify that the CS Engine is running:
`$ sudo docker info`
8. Now you can restart the Trusted Registry.
7. Now you can restart the Trusted Registry.
```
$ sudo bash -c "$(sudo docker run docker/trusted-registry restart)"
@ -171,17 +195,12 @@ Engine, and install the new version.
* ubuntu-wily (Ubuntu 15.10)
6. Install the new package:
6. Install the upgraded package:
`$ sudo apt-get update && sudo apt-get install docker-engine`
`$ sudo apt-get upgrade docker-engine`
7. Verify that the CS Engine is running:
`$ sudo docker info`
8. Restart the Trusted Registry:
7. Restart the Trusted Registry:
`$ sudo bash -c "$(sudo docker run docker/trusted-registry restart)"`
@ -194,7 +213,6 @@ system.
#### CentOS 7.1 & RHEL 7.0/7.1 (YUM-based systems)
1. Add the repository. Notice in the following code that it gets the latest version of the CS Engine. Each time you either install or upgrade, ensure that the you are requesting the version and the OS that you want.
```
@ -302,7 +320,6 @@ steps depending on your type of system.
#### Ubuntu 14.04 LTS (APT-based systems)
1. Update your `docker-engine` package:
`$ sudo apt-get update && sudo apt-get upgrade docker-engine`
@ -312,7 +329,6 @@ steps depending on your type of system.
`$ sudo docker info`
3. Restart the Trusted Registry:
`$ sudo bash -c "$(sudo docker run docker/trusted-registry restart)"`
#### SUSE Enterprise 12.3
@ -329,7 +345,6 @@ steps depending on your type of system.
`$ sudo bash -c "$(sudo docker run docker/trusted-registry restart)"`
## See also
* To configure for your environment, see the

29
release-notes.md
View File

@ -1,5 +1,5 @@
+++
title = "Docker Trusted Registry release notes"
title = "Trusted Registry release notes"
description = "Docker Trusted Registry release notes "
keywords = ["docker, documentation, about, technology, understanding, enterprise, hub, registry, release notes, Docker Trusted Registry"]
[menu.main]
@ -18,6 +18,33 @@ for the Docker Trusted Registry.
These notes refer to the current and immediately prior releases of Docker
Trusted Registry. For notes on older versions, see the [prior release notes archive](prior-release-notes.md).
# Docker Trusted Registry 1.4.3
(22 February 2016)
The Trusted Registry is supported on SUSE Linux Enterprise 12 OS.
This release addresses the following issues in Docker Trusted Registry 1.4.2.
* Improved the Trusted Registry UI response when performing certain operations with a large set of users.
* Created a new Trusted Registry screen where image tags in a repository are displayed. This fixed the issue where long image tags were truncated in the UI.
* You can now download the Trusted Registry for offline installation. Refer to the documentation.
* Corrected an issue where if the Trusted Registry was set to a non default port, users couldnt push images to it.
* Improved LDAP configuration. There are now additional user search filters in the Trust Registry UI. The location is Settings > Auth. Select LDAP authentication method. The filters are:
* `UsernameAttrIsEmail`
* `ScopeOneLevel`
* Fixed an issue where the Trusted Registry correctly updates team members after an LDAP sync. This removed duplication of users if they were moved to a different team.
* Previously, if you started the Trusted Registry 1.4.2 with CS Engine 1.7.0 onwards, it might not start because `docker` might start the Trusted Registry containers in an order that makes [links impossible to create](https://github.com/docker/docker/issues/17118). Using CS Engine 1.9 and later with the latest Trusted Registry includes creation of a custom network that allows all containers to connect to each other without links. This means that every time the Trusted Registry starts up, there should be no error.
Also, when you upgrade CS Engine from 1.6 to 1.9 and the Trusted Registry admin server starts, it checks if it's running with links enabled. If that happens, the Trusted Registry restarts everything, creating the new network if necessary and removing the links, replacing them with a custom "dtr" network.
# Docker Trusted Registry 1.4.2
(21 December 2015)

11
userguide.md
View File

@ -18,6 +18,7 @@ go to the [Administrator's Guide](adminguide.md).
Task you can do:
* View organizations, repositories, and team members through the Trusted Registry user interface.
* Create repositories if you have read-write permissions.
* Tag an image so that it can later be removed from the Trusted Registry repository. See the [documentation](soft-garbage.md) for deleting an image.
* Push tags
* Pull tags
@ -32,6 +33,16 @@ Depending on your permissions, you can use the Trusted Registry user interface t
For specifics on this feature, see the [account management](accounts.md) documentation.
## Create a repository
If you have read-write permissions, you can create a repository. You will need to create one if you have installed the Trusted Registry and you want to test your installation by pushing an image to a repository.
1. In the Trusted Registry UI, navigate to Repositories and click New repository.
![Repo screen</admin/settings#http>](images/repo.png)
2. Enter a name, select visibility, and click Save.
## Push and pull overview
One of your main activities you do in the Trusted Registry, is to push and pull