docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update UCP config file reference (#6222) 

Update UCP config file reference
This commit is contained in:
Joao Fernandes 2018-03-20 15:39:35 -07:00 committed by GitHub
parent a43b2197df
commit d3e24a2807
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 65 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md
View File

@ -75,7 +75,7 @@ for modifying this config file.
## auth table
| Parameter | Required | Description |
| ----------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:------------------------|:---------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `backend` | no | The name of the authorization backend to use, either `managed` or `ldap`. The default is `managed`. |
| `default_new_user_role` | no | The role that new users get for their private collections. Values are `admin`, `viewonly`, `scheduler`, `restrictedcontrol`, or `fullcontrol`. The default is `restrictedcontrol`. |
@ -83,7 +83,7 @@ for modifying this config file.
## auth.sessions
| Parameter | Required | Description |
| --------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:----------------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `lifetime_minutes` | no | The initial session lifetime, in minutes. The default is 4320, which is 72 hours. |
| `renewal_threshold_minutes` | no | The length of time, in minutes, before the expiration of a session where, if used, a session will be extended by the current configured lifetime from then. A zero value disables session extension. The default is 1440, which is 24 hours. |
| `per_user_limit` | no | The maximum number of sessions that a user can have active simultaneously. If creating a new session would put a user over this limit, the least recently used session will be deleted. A value of zero disables limiting the number of sessions that users may have. The default is 5. |
@ -91,7 +91,7 @@ for modifying this config file.
## auth.ldap (optional)
| Parameter | Required | Description |
| ----------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|:------------------------|:---------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `server_url` | no | The URL of the LDAP server. |
| `no_simple_pagination` | no | Set to `true` if the LDAP server doesn't support the Simple Paged Results control extension (RFC 2696). The default is `false`. |
| `start_tls` | no | Set to `true` to use StartTLS to secure the connection to the server, ignored if the server URL scheme is 'ldaps://'. The default is `false`. |
@ -110,7 +110,7 @@ to sync users and team members. This is an advanced feature which most
environments don't need.
| Parameter | Required | Description |
| ---------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:-----------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `domain` | no | The root domain component of this server, for example, `dc=example,dc=com`. A longest-suffix match of the base DN for LDAP searches is used to select which LDAP server to use for search requests. If no matching domain is found, the default LDAP server config is used. |
| `server_url` | no | The URL of the LDAP server for the current additional domain. |
| `no_simple_pagination` | no | Set to true if the LDAP server for this additional domain does not support the Simple Paged Results control extension (RFC 2696). The default is `false`. |
@ -126,7 +126,7 @@ environments don't need.
Settings for syncing users.
| Parameter | Required | Description |
| ------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|:--------------------------|:---------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `base_dn` | no | The distinguished name of the element from which the LDAP server will search for users, for example, `ou=people,dc=example,dc=com`. |
| `scope_subtree` | no | Set to `true` to search for users in the entire subtree of the base DN. Set to `false` to search only one level under the base DN. The default is `false`. |
| `username_attr` | no | The name of the attribute of the LDAP user element which should be selected as the username. The default is `uid`. |
@ -142,7 +142,7 @@ Settings for syncing users.
Settings for syncing system admininistrator users.
| Parameter | Required | Description |
| ---------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:-----------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `enable_sync` | no | Set to `true` to enable syncing admins. If `false`, all other fields in this table are ignored. The default is `true`. |
| `select_group_members` | no | Set to `true` to sync using a group DN and member attribute selection. Set to `false` to use a search filter. The default is `true`. |
| `group_dn` | no | The distinguished name of the LDAP group, for example, `cn=ddc-admins,ou=groups,dc=example,dc=com`. Required if `select_group_members` is `true`. |
@ -157,7 +157,7 @@ Settings for syncing system admininistrator users.
An array of tables that specifies the DTR instances that the current UCP instance manages.
| Parameter | Required | Description |
| -------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:---------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `host_address` | yes | The address for connecting to the DTR instance tied to this UCP cluster. |
| `service_id` | yes | The DTR instance's OpenID Connect Client ID, as registered with the Docker authentication provider. |
| `ca_bundle` | no | If you're using a custom certificate authority (CA), the `ca_bundle` setting specifies the root CA bundle for the DTR instance. The value is a string with the contents of a `ca.pem` file. |
@ -167,7 +167,7 @@ An array of tables that specifies the DTR instances that the current UCP instanc
Specifies the users who can schedule containers on manager nodes.
| Parameter | Required | Description |
| ----------------------------- | -------- | -------------------------------------------------------------------------------------------------- |
|:------------------------------|:---------|:---------------------------------------------------------------------------------------------------|
| `enable_admin_ucp_scheduling` | no | Set to `true` to allow admins to schedule on containers on manager nodes. The default is `false`. |
| `enable_user_ucp_scheduling` | no | Set to `true` to allow non-admin users to schedule containers on managers. The default is `false`. |
@ -176,7 +176,7 @@ Specifies the users who can schedule containers on manager nodes.
Specifies the analytics data that UCP collects.
| Parameter | Required | Description |
| -------------------- | -------- | --------------------------------------------------------------------------------------- |
|:---------------------|:---------|:----------------------------------------------------------------------------------------|
| `disable_usageinfo` | no | Set to `true` to disable analytics of usage information. The default is `false`. |
| `disable_tracking` | no | Set to `true` to disable analytics of API call information. The default is `false`. |
| `anonymize_tracking` | no | Anonymize analytic data. Set to `true` to hide your license ID. The default is `false`. |
@ -186,7 +186,7 @@ Specifies the analytics data that UCP collects.
Specifies whether DTR images require signing.
| Parameter | Required | Description |
| ------------------------ | -------- | ----------------------------------------------------------------------------------- |
|:-------------------------|:---------|:------------------------------------------------------------------------------------|
| `require_content_trust` | no | Set to `true` to require images be signed by content trust. The default is `false`. |
| `require_signature_from` | no | A string array that specifies users or teams which must sign images. |
@ -195,7 +195,7 @@ Specifies whether DTR images require signing.
Configures the logging options for UCP components.
| Parameter | Required | Description |
| ---------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:-----------|:---------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `protocol` | no | The protocol to use for remote logging. Values are `tcp` and `udp`. The default is `tcp`. |
| `host` | no | Specifies a remote syslog server to send UCP controller logs to. If omitted, controller logs are sent through the default docker daemon logging driver from the `ucp-controller` container. |
| `level` | no | The logging level for UCP components. Values are [syslog priority levels](https://linux.die.net/man/5/syslog.conf): `debug`, `info`, `notice`, `warning`, `err`, `crit`, `alert`, and `emerg`. |
@ -205,7 +205,7 @@ Configures the logging options for UCP components.
Specifies whether the your UCP license is automatically renewed.
| Parameter | Required | Description |
| -------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:---------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `auto_refresh` | no | Set to `true` to enable attempted automatic license renewal when the license nears expiration. If disabled, you must manually upload renewed license after expiration. The default is `true`. |
## cluster_config table (required)
@ -218,7 +218,7 @@ components. Assigning these values overrides the settings in a container's
[Configure container DNS](/engine/userguide/networking/default_network/configure-dns/).
| Parameter | Required | Description |
| ----------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|:----------------------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `controller_port` | yes | Configures the port that the `ucp-controller` listens to. The default is `443`. |
| `swarm_port` | yes | Configures the port that the `ucp-swarm-manager` listens to. The default is `2376`. |
| `swarm_strategy` | no | Configures placement strategy for container scheduling. This doesn't affect swarm-mode services. Values are `spread`, `binpack`, and `random`. |
@ -232,3 +232,6 @@ components. Assigning these values overrides the settings in a container's
| `metrics_retention_time` | no | Adjusts the metrics retention time. Units can be `s/m/h` (`12h` for rexample). |
| `metrics_scrape_interval` | no | Sets the interval for how frequently managers gather metrics from nodes in the cluster. Units can be `s/m/h` (`12h` for rexample). |
| `metrics_disk_usage_interval` | no | Sets the interval for how frequently storage metrics are gathered. This operation can be expensive when large volumes are present. Units can be `s/m/h` (`12h` for rexample). |
| `rethinkdb_cache_size` | no | Set the size of the cache used by UCP's RethinkDB servers. The default is 512MB, but leaving this field empty or specifying the special value "auto" will instruct RethinkDB to determine a cache size automatically. |
| `min_tls_version` | no | Set the minimum TLS version for the controller to serve. Valid options are tlsv1, tlsv1.0, tlsv1.1, and tlsv1.2. |
| `local_volume_collection_mapping` | no | Store data about collections for volumes in UCP's local KV store instead of on the volume labels. This is used for enforcing access control on volumes. |