diff --git a/architecture.md b/architecture.md index 8e82397e5d..f4bf13f421 100644 --- a/architecture.md +++ b/architecture.md @@ -23,13 +23,13 @@ using the Commercially Supported Docker Engine. When you install DTR on a node, the following containers are started: -| Name | Description | -|:--------------|:-------------------------------------------------------------------------------------------------------------------------------------------| -| dtr-api | Executes the DTR business logic. It serves the DTR web application, and API. | -| dtr-etcd | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. | -| dtr-nginx | Receives http and https requests and proxies them to other DTR components. It listens on ports 80 and 443 of the host where it is running. | -| dtr-registry | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. | -| dtr-rethinkdb | A database for persisting repository metadata. Don't use it in your applications, since it's for internal use only. | +| Name | Description | +|:--------------|:----------------------------------------------------------------------------------------------------------------------------------| +| dtr-nginx | Receives http and https requests and proxies them to other DTR components. By default it listens to ports 80 and 443 of the host. | +| dtr-api | Executes the DTR business logic. It serves the DTR web application, and API. | +| dtr-registry | Implements the functionality for pulling and pushing Docker images. It also handles how images are stored. | +| dtr-etcd | A key-value store for persisting DTR configuration settings. Don't use it in your applications, since it's for internal use only. | +| dtr-rethinkdb | A database for persisting repository metadata. Don't use it in your applications, since it's for internal use only. | ## Networks @@ -37,11 +37,15 @@ When you install DTR on a node, the following containers are started: To allow containers to communicate, when installing DTR the following networks are created: -| Name | Type | Description | -|:-------|:--------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| dtr-br | bridge | Allows containers in the same node to communicate with each other in a secure way. | -| dtr-ol | overlay | Allows containers in different nodes to communicate. This network is used in high-availability installations, to allow etcd and RethinkDB containers to replicate their data across different nodes. | +| Name | Type | Description | +|:-------|:--------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| dtr-br | bridge | Allows containers on the same node to communicate with each other in a secure way. | +| dtr-ol | overlay | Allows containers running on different nodes to communicate. This network is used in high-availability installations, to allow Etcd and RethinkDB containers to replicate their data. | +The communication between all DTR components is secured using TLS. Also, when +installing DTR, two Certificate Authorities (CAs) are created. These CAs are +used to create the certificates used by Etcd and RethinkDB when communicating +across nodes. ## Volumes @@ -61,25 +65,24 @@ the default volume driver and flags. By default, Docker Trusted Registry stores images on the filesystem of the host where it is running. -You can also configure DTR for using these cloud storage backends: + +You can also configure DTR to using these cloud storage backends: * Amazon S3 * OpenStack Swift * Microsoft Azure +For highly available installations, configure DTR to use a cloud storage +backend or a network filesystem like NFS. + ## High-availability support -For load balancing and high-availability, you can create multiple replicas of -DTR. In that case, you’ll have multiple nodes, each running the -same set of containers. - +For load balancing and high-availability, you can install multiple replicas of +DTR, and join them to create a cluster. +[Learn more about high availability](high-availability/high-availability.md). -![](images/architecture-2.png) +## Where to go next -Notice that: - -* You can load balance user requests between the controller nodes. -When you make a change to the configuration of one controller node, that -configuration is replicated to the other controllers. -* For high-availability, you should set up 3, 5, or 7 controller nodes. +* [System requirements](install/system-requirements.md) +* [Install DTR](install/install-dtr.md) diff --git a/high-availability/backups-and-disaster-recovery.md b/high-availability/backups-and-disaster-recovery.md index c949722c4a..966e723944 100644 --- a/high-availability/backups-and-disaster-recovery.md +++ b/high-availability/backups-and-disaster-recovery.md @@ -117,3 +117,9 @@ Where: * `--username, --password` are the credentials of a UCP admin user, * `--host` is the IP address of UCP, * `--dtr-host` is the IP address of the host where DTR is going to be installed. + + +## Where to go next + +* [Set up high availability](high-availability.md) +* [DTR architecture](../architecture.md) diff --git a/high-availability/high-availability.md b/high-availability/high-availability.md index 79266598a9..3dfe781bfd 100644 --- a/high-availability/high-availability.md +++ b/high-availability/high-availability.md @@ -13,51 +13,77 @@ weight=0 # Set up high availability Docker Trusted Registry (DTR) is designed for high availability. -When installing DTR you can add multiple nodes to form a cluster. -Adding more nodes to your DTR cluster allows you to: +When you first install DTR, you create a cluster with a single DTR replica. +Replicas are single instances of DTR that can be joined together to form a +cluster. +When joining new replicas to the cluster, you'll be creating new DTR instances +that are running the same set of services. Any change to the state of an +instance, is replicated across all other instances. -* Load-balance user requests across the DTR nodes, -* Keep the DTR cluster working if a node fails. +Having a DTR cluster with multiple replicas, allows you to: -To make a DTR installation tolerant to node failures, add additional nodes to +* Load-balance user requests across the DTR replicas, +* Keep the DTR cluster working if a replica fails. + +To make a DTR installation tolerant to failures, add additional replicas to the DTR cluster. -| DTR nodes | Failures tolerated | -|:---------:|:------------------:| -| 1 | 0 | -| 3 | 1 | -| 5 | 2 | -| 7 | 3 | +| DTR replicas | Failures tolerated | +|:------------:|:------------------:| +| 1 | 0 | +| 3 | 1 | +| 5 | 2 | +| 7 | 3 | + When sizing your DTR installation for high-availability, follow these rules of thumb: -* Don't create a DTR cluster with just two nodes. Your cluster +* Don't create a DTR cluster with just two replicas. Your cluster won't tolerate any failures, and it's possible that you experience performance degradation. -* When a node fails, the number of failures tolerated by your cluster -decreases. Don't leave that node offline for long. -* Adding too many nodes to the cluster might also lead to performance -degradation, as data needs to be replicated across all nodes. +* When a replica fails, the number of failures tolerated by your cluster +decreases. Don't leave that replica offline for long. +* Adding too many replicas to the cluster might also lead to performance +degradation, as data needs to be replicated across all replicas. ## Size your cluster -When installing DTR for production, you should have separate nodes for running -Docker Universal Control Plane (DTR), Docker Trusted Registry, and your -containers. +When installing DTR for production, you should have dedicated nodes for running: -Having dedicated nodes for UCP, DTR, and your containers, ensures they stay -performant since all applications have dedicated resources. +* Docker Universal Control Plane (UCP) controller nodes, +* DTR replicas, +* Your own applications. + +Having dedicated nodes ensures all applications will remain performant since +they have dedicated resources for them. It also makes it easier to implement backup policies and disaster recovery -plans. +plans for UCP and DTR. -For installing DTR for production, you'll need a minimum of: +To have have high-availability on UCP and DTR, you need a minimum of: -* 3 dedicated nodes to install UCP for high-availability, -* 3 dedicated nodes to install DTR for high-availability, +* 3 dedicated nodes to install UCP with high availability, +* 3 dedicated nodes to install DTR with high availability, * As many nodes as you want for running your containers and applications. ![](../images/architecture-3.png) + +## Load balancing + +DTR does not provide a load balancing service. You can use use an on-premises +or cloud-based load balancer to balance requests across multiple DTR replicas. + +Make sure you configure your load balancer to: + +* Not terminate HTTPS connections, +* Use the `/load_balancer_status` endpoint on each DTR replica, to check if +the replica is healthy and if it should remain on the load balancing pool or +not. + +## Where to go next + +* [Backups and disaster recovery](backups-and-disaster-recovery.md) +* [DTR architecture](../architecture.md) diff --git a/images/create-repo-1.png b/images/create-repo-1.png new file mode 100644 index 0000000000..4461b31307 Binary files /dev/null and b/images/create-repo-1.png differ diff --git a/images/create-repo-2.png b/images/create-repo-2.png new file mode 100644 index 0000000000..1df62b53d9 Binary files /dev/null and b/images/create-repo-2.png differ diff --git a/images/install-dtr-1.png b/images/install-dtr-1.png new file mode 100644 index 0000000000..c17e7f0d5c Binary files /dev/null and b/images/install-dtr-1.png differ diff --git a/images/install-dtr-2.png b/images/install-dtr-2.png new file mode 100644 index 0000000000..2a284ed12f Binary files /dev/null and b/images/install-dtr-2.png differ diff --git a/images/install-dtr-3.png b/images/install-dtr-3.png new file mode 100644 index 0000000000..37dea664cb Binary files /dev/null and b/images/install-dtr-3.png differ diff --git a/images/install-dtr-4.png b/images/install-dtr-4.png new file mode 100644 index 0000000000..87508be693 Binary files /dev/null and b/images/install-dtr-4.png differ diff --git a/images/license-1.png b/images/license-1.png new file mode 100644 index 0000000000..37dea664cb Binary files /dev/null and b/images/license-1.png differ diff --git a/images/monitor-1.png b/images/monitor-1.png new file mode 100644 index 0000000000..87508be693 Binary files /dev/null and b/images/monitor-1.png differ diff --git a/images/monitor-2.png b/images/monitor-2.png new file mode 100644 index 0000000000..c17e7f0d5c Binary files /dev/null and b/images/monitor-2.png differ diff --git a/images/overview-1.png b/images/overview-1.png new file mode 100644 index 0000000000..36153b8a07 Binary files /dev/null and b/images/overview-1.png differ diff --git a/images/overview-2.png b/images/overview-2.png new file mode 100644 index 0000000000..9bb034c54d Binary files /dev/null and b/images/overview-2.png differ diff --git a/install/install-dtr-offline.md b/install/install-dtr-offline.md index 383015a0a4..08e663614e 100644 --- a/install/install-dtr-offline.md +++ b/install/install-dtr-offline.md @@ -15,38 +15,45 @@ weight=30 The procedure to install Docker Trusted Registry on a host is the same, whether that host has access to the internet or not. -The only difference when installing on an offline host, -is that instead of pulling the DTR images from Docker Hub, you use a -computer that is connected to the internet to download a single package with -all the images. Then you copy that package to the host where you’ll install DTR. +The only difference when installing DTR on an offline host, is that instead +of pulling the DTR images from Docker Hub, you use a computer that is connected +to the internet to download a single package with all the images. Then you +copy that package to the host where you’ll install DTR. -## Step 1. Get the DTR package +1. Get the DTR package. -Use a computer with internet access to download a single package with all DTR -images. As an example, to download UCP 2.0, run: + Use a computer with internet access to download a single package with all DTR + images. As an example, to download UCP 2.0, run: -```bash -$ wget https://packages.docker.com/dtr/2.0/dtr-2.0.0.tar -``` + ```bash + $ wget https://packages.docker.com/dtr/2.0/dtr-2.0.0.tar + ``` -## Step 2. Copy the package -Now that you have the DTR package file, transfer it to the host where you want -to install Docker Trusted Registry. You can use the `scp` command for this. +2. Transfer the package to the offline host. -```bash -$ scp ./dtr-2.0.0.tar user@dtr-host:/tmp -``` + Now that you have the DTR package file, transfer it to the host where you want + to install Docker Trusted Registry. You can use the `scp` command for this. -## Step 3. Load the DTR images + ```bash + $ scp ./dtr-2.0.0.tar user@dtr-host:/tmp + ``` -Once the package is on the host where you want to install DTR, you can use -the `docker load` command, to load the images from the .tar file. +3. Load the DTR images. -```bash -$ docker load < /tmp/dtr-2.0.0.tar -``` + Once the package is on the host where you want to install DTR, you can use + the `docker load` command, to load the images from the .tar file. -## Step 4. Install DTR + ```bash + $ docker load < /tmp/dtr-2.0.0.tar + ``` -Now that the offline host has all the images needed to install UCP, -you can [install DTR that machine](install-dtr.md). +4. Install DTR. + + Now that the offline host has all the images needed to install UCP, + you can [install DTR that machine](install-dtr.md). + + +## Where to go next + +* [DTR architecture](../architecture.md) +* [Install DTR](install-dtr.md) diff --git a/install/install-dtr.md b/install/install-dtr.md index 2710700af9..4e31b69aaf 100644 --- a/install/install-dtr.md +++ b/install/install-dtr.md @@ -15,176 +15,119 @@ weight=20 # Install Docker Trusted Registry -This document describes the process of obtaining, installing, and securing -Docker Trusted Registry. You can use these instructions if you are installing Trusted Registry on a physical or cloud infrastructure. +Docker Trusted Registry (DTR) is a containerized application that can be +installed on-premises or on a cloud infrastructure. -If your cloud provider is AWS, you have the option of installing Trusted Registry using an Amazon Machine Image (AMI) instead. For more information, read the [installation overview](index.md) to understand your options. +The first step in installing DTR, is ensuring your +infrastructure has all the [requirements DTR needs to run](system-requirements). +Once that is done, use these instructions to install DTR. -## Prerequisites +## Step 1. Install DTR -Docker Trusted Registry runs on the following 64-bit platforms: +To install DTR you use the `docker/dtr` image. This image has commands to +install, configure, and backup DTR. -* Ubuntu 14.04 LTS -* RHEL 7.0 and 7.1 -* CentOS 7.1 -* SUSE Linux Enterprise 12 +To find what commands and options are available, check the +[reference documentation](../reference/install.md), or run: -Docker Trusted Registry requires the latest commercially supported Docker Engine (CS Engine), running on a supported host. +```bash +$ docker run --rm -it docker/dtr --help +``` -The Docker daemon listens to the Unix socket (the default) so that it can be -bind-mounted into the Trusted Registry management containers. This allows -Trusted Registry to manage itself and its updates. For this reason, the host you -install on needs internet connectivity so it can access the updates. -Additionally, your host needs to have TCP ports `80` and `443` available for the -Docker Trusted Registry container port mapping. +To install DTR: -Installing Trusted Registry requires that you have a login to Docker Hub (or the -user-name of an administrator of the Hub organization that obtained an -Enterprise license. If you already installed CS Engine, you should already have a [Hub account](https://hub.docker.com). +1. Make your Docker CLI client point to UCP. -Also, you must have a license for Docker Trusted Registry. This license allows -you to run both Docker Trusted Registry and CS Engine. Before installing, -[purchase a license or sign up for a free, 30 day trial license](https://hub.docker.com/enterprise/). + Download a client certificate bundle from UCP, and use it to configure + your Docker CLI client to run the docker commands on the UCP cluster. + +2. Run the following command to install DTR: + + ```bash + $ docker run -it --rm \ + docker/dtr install + ``` + + In this example we're running the install command interactively, so that it + prompts for the necessary configuration values. + You can also use flags to pass values to the install command. + +3. Check that DTR is running. + + In your browser, navigate to the the Docker **Universal Control Plane** + web UI, and navigate to the **Applications** screen. DTR should be listed + as an application. + + ![](../images/install-dtr-1.png) + + You can also access the **DTR web UI**, to make sure it is working. In your + browser, navigate to the address were you installed DTR. + + ![](../images/install-dtr-2.png) -## Install Docker Trusted Registry +## Step 2. Configure DTR -Trusted Registry is a self-installing application built and distributed using -Docker and the [Docker Hub](https://hub.docker.com/). You install Docker Trusted -Registry by running the "docker/trusted-registry" container. Once installed, it -is able to restart and reconfigure itself using the Docker socket that is -bind-mounted to this container. +After installing DTR, you should configure: -1. Log in to the machine where you want to install Trusted Registry. + * The Domain Name used to access DTR, + * The certificates used for TLS communication, + * The storage backend to store the Docker images. -2. Verify that CS Engine is installed. + To perform these configurations, navigate to the **Settings** page of DTR. - $ docker --version + ![](../images/install-dtr-3.png) - > **Note:** To remain compliant with your Docker Trusted Registry support agreement, you **must** use the current version of commercially supported Docker Engine. Running the open source version of Engine is **not** supported. +## Step 3. Test pushing and pulling -3. Login into the Docker Hub from the command line. +Now that you have a working installation of DTR, you should test that you can +push and pull images to it. +[Learn how to push and pull images](../repos-and-images/push-and-pull-images.md). - $ docker login +## Step 4. Join replicas to the cluster -4. Install the Trusted Registry +To set up DTR for [high availability](../high-availability/high-availability.md), +you can add more replicas to your DTR cluster. Adding more replicas allows you +to load-balance requests across all replicas, and keep DTR working if a +replica fails. - $ sudo bash -c "$(sudo docker run docker/trusted-registry install)" +To add replicas to a DTR cluster, use the `docker/dtr join` command. To find +what options are available, check the +[reference documentation](../reference/join.md), or run: - > **Note**: `sudo` is needed for `docker/trusted-registry` commands to - > ensure that the Bash script is run with full access to the Docker host. +```bash +$ docker run --rm -it docker/dtr join --help +``` - The command executes a shell script that creates the needed directories, - pulls the registry's images, and run its containers. Depending on your - internet connection, this process may take several minutes to complete. A successful outcome completes as follows: +To add replicas: - $ sudo bash -c "$(sudo docker run docker/trusted-registry install)" - Unable to find image 'docker/trusted-registry:latest' locally - Pulling repository docker/trusted-registry - c46d58daad7d: Pulling image (latest) from docker/trusted-registry - c46d58daad7d: Pulling image (latest) from docker/trusted-registry - c46d58daad7d: Pulling dependent layers - 511136ea3c5a: Download complete - fa4fd76b09ce: Pulling metadata - fa4fd76b09ce: Pulling fs layer - ff2996b1faed: Download complete - ... - fd7612809d57: Pulling metadata - fd7612809d57: Pulling fs layer - fd7612809d57: Download complete - Status: Downloaded newer image for docker/trusted-registry:latest - Unable to find image 'docker/trusted-registry:1.1.0' locally - Pulling repository docker/trusted-registry - c46d58daad7d: Download complete - 511136ea3c5a: Download complete - ... - Status: Image is up to date for docker/trusted-registry:1.1.0 - INFO [1.0.0_8ce62a61e058] Attempting to connect to docker engine dockerHost="unix:///var/run/docker.sock" - INFO [1.0.0_8ce62a61e058] Running install command - <...output truncated...> - Creating container docker_trusted_registry_load_balancer with docker daemon unix:///var/run/docker.sock - Starting container docker_trusted_registry_load_balancer with docker daemon unix:///var/run/docker.sock - Bringing up docker_trusted_registry_log_aggregator. - Creating container docker_trusted_registry_log_aggregator with docker daemon unix:///var/run/docker.sock - Starting container docker_trusted_registry_log_aggregator with docker daemon unix:///var/run/docker.sock +1. Make your Docker CLI client point to UCP. -5. Use `docker ps` to list all the running containers. +2. Run the join command: - The listing should show the following were started: + ```bash + $ docker run -it --rm \ + docker/dtr join + ``` - * `docker_trusted_registry_load_balancer` - * `docker_trusted_registry_image_storage_0` - * `docker_trusted_registry_image_storage_1` - * `docker_trusted_registry_admin_server` - * `docker_trusted_registry_log_aggregator` - * `docker_trusted_registry_auth_server` - * `docker_trusted_registry_postgres` + In this example we'll be running the join command interactively, so that it + prompts for the necessary configuration values. + You can also use flags to pass values to the command. -6. Enter the `https:///` your browser's address bar to run the Trusted Registry interface. +3. Check that all replicas are running. - Your browser warns you that this is an unsafe site, with a self-signed, - untrusted certificate. This is normal and expected; allow this connection - temporarily. + In your browser, navigate to the the Docker **Universal Control Plane** + web UI, and navigate to the **Applications** screen. All replicas should + be displayed. + ![](../images/install-dtr-4.png) -## Set the Trusted Registry domain name +4. Follow steps 1 to 3, to add more replicas to the DTR cluster. -The Docker Trusted Registry Administrator site will also warn that the "Domain Name" is not set. - -1. Select "Settings" from the global nav bar at the top of the page, and then set the "Domain Name" to the full host-name of your Docker Trusted Registry server. - -2. Click the "Save and Restart Docker Trusted Registry Server" button to generate a new certificate, which will be used -by both the Docker Trusted Registry Administrator web interface and the Docker Trusted Registry server. - -3. After the server restarts, you will again need to allow the connection to the untrusted Docker Trusted Registry web admin site. - -4. You see a warning notification that this instance of Docker Trusted Registry is unlicensed. You'll correct this in the next section. - -## Apply your license - -The Docker Trusted Registry services will not start until you apply your license. -To do that, you'll first download your license from the Docker Hub and then -upload it to your Docker Trusted Registry web admin server. Follow these steps: - -1. If needed, log back into the [Docker Hub](https://hub.docker.com) - using the user-name you used when obtaining your license. Under your name, go to Settings to display the Account Settings page. Click the Licenses submenu to display the Licenses page. - -2. There is a list of available licenses. Click the download button to - obtain the license file you want. - -3. Go to your Docker Trusted Registry instance in your browser, click Settings in the global nav bar. Click License in the Settings nav bar. Click the Choose File button. It opens a standard file browser. Locate and select the license file you downloaded in the previous step. Approve the selection to close the dialog. - -4. Click the Save and restart button. Docker Trusted Registry quits and then restarts with the applied the license. - -5. Verify the acceptance of the license by confirming that the "Unlicensed copy" - warning is no longer present. - -## Secure the Trusted Registry - -Securing Docker Trusted Registry is **required**. You will not be able to push -or pull from Docker Trusted Registry until you secure it. - -There are several options and methods for securing Docker Trusted Registry. For -more information, see the [configuration documentation](../configure/configuration.md#security) - -## Push and pull images - -You have your Trusted Registry configured with a "Domain Name" and your -client Docker daemons configured with the required security settings. But -before you can test your setup by pushing an image, you need to create a -repository first. Follow the instructions for -[Using Docker Trusted Registry to Push and pull images](../repos-and-images/push-and-pull-images.md) -to create a repository and to push and pull images. - -## Docker Trusted Registry web interface and registry authentication - -By default, there is no authentication set on either the Docker Trusted Registry -web admin interface or the Docker Trusted Registry. You can restrict access -using an in-Docker Trusted Registry configured set of users (and passwords), or -you can configure Docker Trusted Registry to use LDAP- based authentication. - -See [Docker Trusted Registry Authentication settings](../configure/configuration.md#authentication) for more details. + When configuring your DTR cluster for high-availability, you should have + 3, 5, or 7 replicas. + [Learn more about high availability](../high-availability/high-availability.md) ## See also diff --git a/install/license.md b/install/license.md index e371e9d510..4b91e2dbf3 100644 --- a/install/license.md +++ b/install/license.md @@ -13,15 +13,21 @@ weight=31 # License DTR -After installing Docker Trusted Registry, you need to license your installation. -If you just want to try DTR, you can -[get a trial license](https://www.docker.com/pricing). +By default, you don't need to license your Docker Trusted Registry. When +installing DTR, it automatically starts using the same license file used on +your Docker Universal Control Plane cluster. + +However, there are some situations when you have to manually license your +DTR installation.: + +* During an upgrade to a new major version; +* When your current license expires. ## Download your license -When your license is issued, you can download it on Docker Hub. On Docker Hub, -navigate to your profile settings. Then click the +When your new license is issued, you can download it on **Docker Hub**. Navigate +to your **Profile settings**, and click the [Licenses tab](https://hub.docker.com/account/licenses/). ![](../images/get-license-2.png) @@ -30,9 +36,15 @@ navigate to your profile settings. Then click the ## License your installation Once you've downloaded the license file, you can apply it to your DTR -installation. On your browser, navigate to DTR, and then go to the **settings +installation. Navigate to the **DTR web app**, and then go to the **Settings page**. - +![](../images/license-1.png) -**Upload the new license**, and click **save** for the changes to take effect. +Click the **Apply new license** button, and upload your new license file. + + +## Where to go next + +* [Install DTR](install-dtr.md) +* [Install DTR offline](install-dtr-offline.md) diff --git a/install/system-requirements.md b/install/system-requirements.md index 297ea3f42a..3b71fec77c 100644 --- a/install/system-requirements.md +++ b/install/system-requirements.md @@ -49,3 +49,8 @@ DTR collects anonymous usage metrics, to help us improve it. These metrics are entirely anonymous, don’t identify your company, users, applications, or any other sensitive information. You can disable this on the DTR settings page. + +## Where to go next + +* [DTR architecture](../architecture.md) +* [Install DTR](install-dtr.md) diff --git a/install/uninstall.md b/install/uninstall.md index 03d9b89827..391d60ead3 100644 --- a/install/uninstall.md +++ b/install/uninstall.md @@ -11,3 +11,51 @@ weight=50 # Uninstall Docker Trusted Registry + +Use the `docker/dtr remove` command, to remove a DTR replica from a cluster. +To uninstall a DTR cluster you remove all DTR replicas one at a time. +The remove command: + +* Removes the replica from the cluster, +* Stops and removes all DTR containers, +* Deletes all DTR volumes. + +To see what options are available in the uninstall command, check the +[uninstall command reference](../reference/remove.md), or run: + +```bash +$ docker run --rm -it docker/dtr uninstall --help +``` + +## Example + +The following example illustrates how use the remove command interactively to +remove a DTR replica from a cluster with multiple replicas: + +```bash +# Get the certificates used by UCP +$ curl https://$UCP_HOST/ca > ucp-ca.pem + +$ docker run --rm -it docker/dtr remove --ucp-ca "$(cat ucp-ca.pem)" + +existing-replica-id (ID of an existing replica in a cluster): 7ae3cb044b70 +replica-id (Specify the replica Id. Must be unique per replica, leave blank for random): a701a510126c +username (Specify the UCP admin username): $UCP_ADMIN +password: $UCP_PASSWORD +host (Specify the UCP host using the host[:port] format): $UCP_HOST +``` + +Where: +* existing-replica-id: is the id of any DTR replica of that cluster, +* replica-id: is the id of the DTR replica you want to remove, +* username and password: are the username and password of a UCP administrator. + + +Now you can confirm on Docker Universal Control Plane that the DTR replica +`a701a510126c` no longer exists. + + +## Where to go next + +* [Install DTR](install-dtr.md) +* [Install DTR offline](install-dtr-offline.md) diff --git a/monitor-troubleshoot/monitor.md b/monitor-troubleshoot/monitor.md index c7f59964fb..df42b7c7d1 100644 --- a/monitor-troubleshoot/monitor.md +++ b/monitor-troubleshoot/monitor.md @@ -19,16 +19,20 @@ capabilities of Docker Universal Control Plane. In your browser, log in to **Docker Universal Control Plane** (UCP), and navigate to the **Applications** page. - - To make it easier to find DTR, use the search box to **search for the DTR application**. If you have DTR set up for high-availability, then all the DTR nodes are displayed. - +![](../images/monitor-1.png) **Click on the DTR application** to see all of its containers, and if they're running. **Click on a container** to see its details, like configurations, resources, and logs. - +![](../images/monitor-2.png) + + +## Where to go next + +* [Troubleshoot DTR](troubleshoot.md) +* [DTR architecture](../architecture.md) diff --git a/overview.md b/overview.md index c7352f2a05..ecae3a391a 100644 --- a/overview.md +++ b/overview.md @@ -16,13 +16,13 @@ Docker Trusted Registry (DTR) is the enterprise-grade image storage solution from Docker. You install it behind your firewall so that you can securely store and manage the Docker images you use in your applications. - - ## Image management Docker UCP can be installed on-premises, or on a virtual private cloud. And with it, you can store your Docker images securely, behind your firewall. +![](images/overview-1.png) + You can use DTR as part of your Continuous Integration (CI), and Continuous Delivery (CD) processes, to build, run, and ship your applications. @@ -35,4 +35,10 @@ and Active Directory. It also supports Role Based Access Control (RBAC). This allows you to implement fine-grain access control policies, on who has access to your Docker images. - +![](images/overview-2.png) + + +## Where to go next + +* [DTR architecture](architecture.md) +* [Install DTR](install/install-dtr.md) diff --git a/release-notes/index.md b/release-notes/index.md index ccb15bced5..38f908adb1 100644 --- a/release-notes/index.md +++ b/release-notes/index.md @@ -6,6 +6,6 @@ keywords = ["docker, dtr, release notes, upgrade"] [menu.main] parent="workw_dtr" identifier="dtr_menu_release_notes" -weight=120 +weight=110 +++ diff --git a/repos-and-images/create-repo.md b/repos-and-images/create-repo.md index 87fefff1c4..91b6a5806d 100644 --- a/repos-and-images/create-repo.md +++ b/repos-and-images/create-repo.md @@ -15,25 +15,26 @@ weight=0 Before you can push images to your Docker Trusted Registry, you need to create a repository for them. -To create a new repository: +To create a new repository, navigate to the **DTR web application**, and click +the **New repository** button. -1. In your browser navigate to the **Docker Trusted Registry web application**. +![](../images/create-repo-1.png) -2. Navigate to the **Repositories** page. +Add a **name and description** for the repository, and choose whether your +repository is public or private: -3. Click **New repository**. - - -4. Add a **name and description** for the repository. - - -5. Choose whether your repository is public or private: - - * Private repositories are visible to all users, but can only be changed by + * Public repositories are visible to all users, but can only be changed by users granted with permission to write them. * Private repositories can only be seen by users that have been granted permissions to that repository. -6. Click **Create** to create the repository. +![](../images/create-repo-2.png) -Now you can push your images to this repository. +Click **Save** to create the repository. Now you can push your images to this +repository. + + +## Where to go next + +* [Push and pull images](push-and-pull-images.md) +* [Delete images](delete-images.md) diff --git a/support.md b/support.md index 87fdf77ec0..69e3952bb2 100644 --- a/support.md +++ b/support.md @@ -5,7 +5,7 @@ description="Your Docker subscription gives you access to prioritized support. Y keywords = ["Docker, support", "help"] [menu.main] parent="workw_dtr" -weight=110 +weight=120 +++