docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #869 from docker/final-polish 

Final polish
This commit is contained in:
Justin I. Nevill 2018-11-07 15:17:27 -05:00 committed by GitHub
parent 396e5d5159 b4c7b8b79e
commit d63a1e201e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
675 changed files with 76442 additions and 14215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
_data/ddc_offline_files_2.yaml
View File

@ -228,3 +228,4 @@
url: https://packages.docker.com/caas/dtr-2.3.1.tar.gz
- description: "DTR 2.3.0"
url: https://packages.docker.com/caas/dtr-2.3.0.tar.gz

14
_data/toc.yaml
View File

@ -124,7 +124,7 @@ guides:
- path: /toolbox/faqs/troubleshoot/
title: Troubleshooting
- title: Release notes
path: /release-notes/docker-ce/
path: /engine/release-notes/
nosync: true
- sectiontitle: Docker EE
section:
@ -145,7 +145,7 @@ guides:
- path: /install/windows/docker-ee/
title: Microsoft Windows Server
- title: Release notes
path: /ee/engine/release-notes/
path: /engine/release-notes/
nosync: true
- sectiontitle: Compatibility between Docker versions
section:
@ -1529,7 +1529,7 @@ manuals:
title: Install Docker EE Engine
nosync: true
- title: Release notes
path: /ee/engine/release-notes/
path: /engine/release-notes/
- sectiontitle: Universal Control Plane
section:
- path: /ee/ucp/
@ -2561,7 +2561,7 @@ manuals:
section:
- path: /ee/dtr/user/manage-images/
title: Create a repository
- path: /ee/dtr/user/review-repository-info/
- path: /ee/dtr/user/manage-images/review-repository-info/
title: Review repository info
- path: /ee/dtr/user/manage-images/pull-and-push-images/
title: Pull and push images
@ -3945,11 +3945,9 @@ manuals:
section:
- path: /release-notes/
title: Overview
- path: /ee/engine/release-notes/
title: Docker EE
- path: /engine/release-notes/
title: Docker EE and CE
nosync: true
- path: /release-notes/docker-ce/
title: Docker CE
- path: /cs-engine/1.13/release-notes/
title: CS Docker Engine
nosync: true

35
datacenter/dtr/2.5/admin/configure/allow-creation-on-push.md
View File

@ -1,35 +0,0 @@
---
title: Allow users to create repositories when pushing
description: By default Docker Trusted Registry only allows pushing images to
existing repositories. Learn how to change that.
keywords: dtr, repository
redirect_from:
- /datacenter/dtr/2.5/guides/admin/configure/allow-creation-on-push/
---
By default DTR only allows pushing images if the repository exists, and you
have write access to the repository.
As an example, if you try to push to `dtr.example.org/library/java:9`, and the
`library/java` repository doesn't exist yet, your push fails.
You can configure DTR to allow pushing to repositories that don't exist yet.
As an administrator, log into the **DTR web UI**, navigate to the **Settings**
page, and enable **Create repository on push**.
![DTR settings page](../../images/create-on-push-1.png){: .with-border}
From now on, when a user pushes to their personal sandbox
(`<user-name>/<repository>`), or if the user is an administrator for the
organization (`<org>/<repository>`), DTR will create a repository if it doesn't
exist yet. In that case, the repository is created as private.
## Use the CLI to enable pushing to repositories that don't exist yet
```bash
curl --user <admin-user>:<password> \
--request POST "<dtr-url>/api/v0/meta/settings" \
--header "accept: application/json" \
--header "content-type: application/json" \
--data "{ \"createRepositoryOnPush\": true}"
```

81
datacenter/dtr/2.5/admin/configure/deploy-caches/configuration-reference.md
View File

@ -1,81 +0,0 @@
---
title: DTR cache configuration reference
description: Learn about the different configuration options for DTR caches.
keywords: DTR, cache
---
DTR caches are based on Docker Registry, and use the same configuration
file format.
[Learn more about the configuration options](/registry/configuration.md).
The DTR cache extends the Docker Registry configuration file format by
introducing a new middleware called `downstream` that has three configuration
options: `blobttl`, `upstreams`, and `cas`:
```none
# Settings that you would include in a
# Docker Registry configuration file followed by
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- <Externally-reachable address for upstream registry or content cache in format scheme://host:port>
cas:
- <Absolute path to next-hop upstream registry or content cache CA certificate in the container's filesystem>
```
Below you can find the description for each parameter, specific to DTR caches.
<table>
<tr>
<th>Parameter</th>
<th>Required</th>
<th>Description</th>
</tr>
<tr>
<td>
<code>blobttl</code>
</td>
<td>
no
</td>
<td>
The TTL for blobs in the cache. This field takes a positive integer and an optional suffix indicating the unit of time. If
this field is configured, "storage.delete.enabled" must be configured to true. Possible units are:
<ul>
<li><code>ns</code> (nanoseconds)</li>
<li><code>us</code> (microseconds)</li>
<li><code>ms</code> (milliseconds)</li>
<li><code>s</code> (seconds)</li>
<li><code>m</code> (minutes)</li>
<li><code>h</code> (hours)</li>
</ul>
If you omit the suffix, the system interprets the value as nanoseconds.
</td>
</tr>
<tr>
<td>
<code>cas</code>
</td>
<td>
no
</td>
<td>
An optional list of absolute paths to PEM-encoded CA certificates of upstream registries or content caches.
</td>
</tr>
<tr>
<td>
<code>upstreams</code>
</td>
<td>
yes
</td>
<td>
A list of externally-reachable addresses for upstream registries of content caches. If more than one host is specified, it will pull from registries in round-robin order.
</td>
</tr>
</table>

76
datacenter/dtr/2.5/admin/configure/deploy-caches/high-availability.md
View File

@ -1,76 +0,0 @@
---
title: Configure caches for high availability
description: Learn how to deploy a DTR cache with fault tolerance and high
availability.
keywords: DTR, cache
---
If you're deploying a DTR cache in a zone with few users and with no uptime
SLAs, a [single cache service is enough for you](simple.md).
But if you want to make sure your DTR cache is always available to users
and is highly performant, you should configure your cache deployment for
high availability.
![Highly-available cache](../../../images/deploy-caches-ha-1.svg)
## System requirements
* Multiple nodes, one for each cache replica.
* A load balancer.
* Shared storage system that has read-after-write consistency.
The way you deploy a DTR cache is the same, whether you're deploying a single
replica or multiple ones. The difference is that you should configure the
replicas to store data using a shared storage system.
When using a shared storage system, once an image layer is cached, any replica
is able to serve it to users without having to fetch a new copy from DTR.
DTR caches support the following storage systems:
* Alibaba Cloud Object Storage Service
* Amazon S3
* Azure Blob Storage
* Google Cloud Storage
* NFS
* Openstack Swift
If you're using NFS as a shared storage system, make sure the shared
directory is configured with:
```
/dtr-cache *(rw,root_squash,no_wdelay)
```
This ensures read-after-write consistency for NFS.
You should also mount the NFS directory on each node where you'll deploy a
DTR cache replica.
## Label the DTR cache nodes
Use SSH to log in to a manager node of the swarm where you want to deploy
the DTR cache.
If you're using UCP to manage that swarm you can also use a client bundle to
configure your Docker CLI client to connect to that swarm.
Label each node that is going to run the cache replica, by running:
```
docker node update --label-add dtr.cache=true <node-hostname>
```
## Configure and deploy the cache
Create the cache configuration files by following the
[instructions for deploying a single cache replica](simple.md#prepare-the-cache-deployment).
Make sure you adapt the `storage` object, using the
[configuration options for the shared storage](/registry/configuration.md#storage)
of your choice.
## Configure your load balancer
The last step is to deploy a load balancer of your choice to load-balance
requests across the multiple replicas you deployed.

73
datacenter/dtr/2.5/admin/configure/deploy-caches/index.md
View File

@ -1,73 +0,0 @@
---
title: DTR cache overview
description: Deploy DTR caches in different geographical locations for users to
pull images faster.
keywords: DTR, cache
---
The further away you are from the geographical location where DTR is deployed,
the longer it will take the pull and push images.
This happens because the files being transferred from DTR to your machine
need to travel a longer distance, across multiple networks.
![Slow pull](../../../images/deploy-caches-1.svg)
To decrease the time to pull an image, you can deploy DTR caches geographically
closer to users.
Caches are transparent to users, since users still login and pull images using
the DTR url address.
DTR checks if users are authorized to pull the image, and redirects the
request to the cache.
![Pull with cache](../../../images/deploy-caches-2.svg)
In this example, DTR is deployed on a datacenter in the United States, and
a cache is deployed in the Asia office.
Users in the Asia office updated their user profile in DTR to fetch from
the cache in their office. They pull an image using:
```
# Log in to DTR
docker login dtr.example.org
# Pull image
docker image pull dtr.example.org/website/ui:3-stable
```
DTR authenticates the request and checks if the user has permission to pull the
image they're requesting. If they have permissions, they'll get an image
manifest containing the list of image layers to pull and redirecting them
to pull them from the Asia cache.
When users request those images layers from the Asia cache, the cache pulls
them from DTR and keeps a copy that can be used to serve to other users without
having to pull the image layers from DTR again.
## Caches or mirroring policies
Use caches if you:
* Want to make image pulls faster for users in different geographical regions.
* Want to manage user permissions from a central place.
If you need users to be able to push images faster, or you want to implement
RBAC policies based on different regions, don't use caches.
Instead, deploy multiple DTR clusters and implement mirroring policies between
them.
![Mirroring policies](../../../images/deploy-caches-3.svg)
With mirroring policies you can set up a development pipeline where images
are automatically pushed between different DTR repositories, or across
DTR deployments.
As an example you can set up a development pipeline with three different stages.
Developers can push and pull images from the development environment,
only pull from QA, and have no access to Production.
With multiple DTR deployments you can control the permissions developers have
for each deployment, and you can create policies to automatically push images
from one deployment to the next.
[Learn more about deployment policies](../../../user/promotion-policies/index.md).

272
datacenter/dtr/2.5/admin/configure/deploy-caches/simple.md
View File

@ -1,272 +0,0 @@
---
title: Deploy a DTR cache
description: Deploy a DTR cache to make users in remove geographical locations
pull images faster.
keywords: DTR, cache
---
This example guides you in deploying a DTR cache, assuming that you've got
a DTR deployment up and running. It also assumes that you've provisioned
[multiple nodes and joined them into a swarm](strategy.md#system-requirements).
![Cache for Asia](../../../images/deploy-caches-simple-1.svg)
The DTR cache is going to be deployed as a Docker service, so that Docker
automatically takes care of scheduling and restarting the service if
something goes wrong.
We'll manage the cache configuration using a Docker configuration, and the TLS
certificates using Docker secrets. This allows you to manage the configurations
securely and independently of the node where the cache is actually running.
## Dedicate a node for the cache
To make sure the DTR cache is performant, it should be deployed on a node
dedicated just for it. Start by labelling the node where you want
to deploy the cache, so that you target the deployment to that node.
Use SSH to log in to a manager node of the swarm where you want to deploy
the DTR cache. If you're using UCP to manage that swarm, use a client bundle to
configure your Docker CLI client to connect to the swarm.
```
docker node update --label-add dtr.cache=true <node-hostname>
```
[Learn more about labelling nodes](/engine/swarm/manage-nodes.md#add-or-remove-label-metadata).
## Prepare the cache deployment
Create a file structure that looks like this:
```
├── docker-stack.yml # Stack file to deploy cache with a single command
├── config.yml # The cache configuration file
└── certs
   ├── cache.cert.pem # The cache public key certificate
   ├── cache.key.pem # The cache private key
   └── dtr.cert.pem # DTR CA certificate
```
Then add the following content to each of the files:
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#tab1">docker-stack.yml</a></li>
<li><a data-toggle="tab" data-target="#tab2">config.yml</a></li>
<li><a data-toggle="tab" data-target="#tab3">cache.cert.pem</a></li>
<li><a data-toggle="tab" data-target="#tab4">cache.key.pem</a></li>
<li><a data-toggle="tab" data-target="#tab5">dtr.cert.pem</a></li>
</ul>
<div class="tab-content">
<div id="tab1" class="tab-pane fade in active">
<pre class="highlight">
<code>
version: "3.3"
services:
cache:
image: {{ page.dtr_org }}/{{ page.dtr_repo }}-content-cache:{{ page.dtr_version }}
entrypoint:
- /start.sh
- "/config.yml"
ports:
- 443:443
deploy:
replicas: 1
placement:
constraints: [node.labels.dtr.cache == true]
restart_policy:
condition: on-failure
configs:
- config.yml
secrets:
- dtr.cert.pem
- cache.cert.pem
- cache.key.pem
configs:
config.yml:
file: ./config.yml
secrets:
dtr.cert.pem:
file: ./certs/dtr.cert.pem
cache.cert.pem:
file: ./certs/cache.cert.pem
cache.key.pem:
file: ./certs/cache.key.pem
</code>
</pre>
<hr>
</div>
<div id="tab2" class="tab-pane fade">
<pre class="highlight">
<code>
version: 0.1
log:
level: info
storage:
delete:
enabled: true
filesystem:
rootdirectory: /var/lib/registry
http:
addr: 0.0.0.0:443
secret: generate-random-secret
host: https://&lt;cache-url&gt;
tls:
certificate: /run/secrets/cache.cert.pem
key: /run/secrets/cache.key.pem
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- https://&lt;dtr-url&gt;:&lt;dtr-port&gt;
cas:
- /run/secrets/dtr.cert.pem
</code>
</pre>
<hr>
</div>
<div id="tab3" class="tab-pane fade" markdown="1">
Add the public key certificate for the cache here. If the certificate has been
signed by an intermediate certificate authority, append it's public key
certificate at the end of the file.
<hr>
</div>
<div id="tab4" class="tab-pane fade" markdown="1">
Add the unencrypted private key for the cache here.
<hr>
</div>
<div id="tab5" class="tab-pane fade" markdown="1">
The cache communicates with DTR using TLS. If you've customized DTR
to use TLS certificates issued by a globally trusted certificate authority,
the cache automatically trusts DTR.
But if you're using the default DTR configuration, or DTR is using TLS
certificates signed by your own certificate authority, you need to configure
the cache to trust DTR.
Add the DTR CA certificate to the `certs/dtr.cert.pem` file. You can
do this by running:
```
curl -sk https://<dtr-url>/ca > certs/dtr.cert.pem
```
<hr>
</div>
</div>
With this configuration, the cache fetches image layers from DTR and keeps
a local copy for 24 hours. After that, if a user requests that image layer,
the cache fetches it again from DTR.
The cache is configured to persist data inside its container.
If something goes wrong with the cache service, Docker automatically redeploys a
new container, but previously cached data is not persisted.
You can [customize the storage parameters](/registry/configuration.md#storage),
if you want to store the image layers using a persistent storage backend.
Also, the cache is configured to use port 443. If you're already using that
port in the swarm, update the deployment and configuration files to use another
port. Don't forget to create firewall rules for the port you choose.
## Deploy the cache
Now that everything is set up, you can deploy the cache by running:
```
docker stack deploy --compose-file docker-stack.yml dtr-cache
```
You can check if the cache has been successfully deployed by running:
```
docker stack ps dtr-cache
```
Docker should show the dtr-cache stack is running.
## Register the cache with DTR
Now that you've deployed a cache, you need to configure DTR to know about it.
This is done using the `POST /api/v0/content_caches` API. You can use the
DTR interactive API documentation to use this API.
In the DTR web UI, click the top-right menu, and choose **API docs**.
![](../../../images/deploy-caches-simple-2.png){: .with-border}
Navigate to the `POST /api/v0/content_caches` line and click it to expand.
In the **body** field include:
```
{
"name": "region-asia",
"host": "https://<cache-url>:<cache-port>"
}
```
Click the **Try it out!** button to make the API call.
![](../../../images/deploy-caches-simple-3.png){: .with-border}
## Configure your user account
Now that you've registered the cache with DTR, users can configure
their user profile to pull images from DTR or the cache.
In the DTR web UI, navigate to your **Account**, click the **Settings**
tab, and change the **Content Cache** settings to use the cache you deployed.
![](../../../images/deploy-caches-simple-4.png){: .with-border}
If you need to set this for multiple users at the same time, use the
`/api/v0/accounts/{username}/settings` API endpoint.
Now when you pull images, you'll be using the cache.
## Test that the cache is working
To validate that the cache is working as expected:
1. [Push an image to DTR](../../../user/manage-images/pull-and-push-images.md).
2. Make sure your user account is configured to use the cache.
3. Delete the image from your local system.
4. Pull the image from DTR.
To validate that the cache is actually serving your request, and to
troubleshoot misconfigurations, check the logs for the cache service
by running:
```
docker service logs --follow dtr-cache_cache
```
The most common causes of configuration are due to TLS authentication:
* DTR not trusting the cache TLS certificates.
* The cache not trusting DTR TLS certificates.
* Your machine not trusting DTR or the cache.
When this happens, check the cache logs to troubleshoot the
misconfiguration.
## Clean up sensitive files
The certificates and private keys are now managed by Docker in a secure way.
Don't forget to delete sensitive files you've created on disk, like the
private keys for the cache:
```
rm -rf certs
```

58
datacenter/dtr/2.5/admin/configure/deploy-caches/strategy.md
View File

@ -1,58 +0,0 @@
---
title: Cache deployment strategy
description: Learn how to deploy DTR caches across multiple datacenters to make
image pulls faster.
keywords: DTR, cache
---
The main reason to use a DTR cache is so that users can pull images from
a service that's geographically closer to them.
In this example a company has developers spread across three locations: United
States, Asia, and Europe. Developers working in the US office can pull their
images from DTR without problem, but developers in the Asia and Europe offices
complain that it takes them a long time to pulls images.
![Offices](../../../images/deploy-caches-strategy-1.svg)
To address that, you can deploy DTR caches in the Asia and Europe offices, so
that developers working from there can pull images much faster.
## Deployment overview
To deploy the DTR caches for this scenario, you need three datacenters:
* The US datacenter runs DTR configured for high availability.
* The Asia datacenter runs a DTR cache.
* The Europe datacenter runs another DTR cache.
![Offices](../../../images/deploy-caches-strategy-2.svg)
Both caches are configured to fetch images from DTR.
## System requirements
Before deploying a DTR cache in a datacenter, make sure you:
* Provision multiple nodes and install Docker on them.
* Join the nodes into a Swarm.
* Have one or more dedicated worker nodes just for running the DTR cache.
* Have TLS certificates to use for securing the cache.
* Have a shared storage system, if you want the cache to be highly available.
If you only plan on running a DTR cache on this datacenter, you just need
[Docker EE Basic](https://www.docker.com/pricing), which only includes the
Docker Engine.
If you plan on running other workloads on this datacenter, consider deploying
[Docker EE Standard or Advanced](https://www.docker.com/pricing).
This way you can enforce fine-grain control over cluster resources, and makes it
easier to monitor and manage your applications.
## Ports used
You can customize the port used by the DTR cache, so you'll have to configure
your firewall rules to make sure users can access the cache using the port
you chose.
By default the documentation guides you in deploying caches that are exposed
on port 443/TCP using the swarm routing mesh.

60
datacenter/dtr/2.5/admin/disaster-recovery/index.md
View File

@ -1,60 +0,0 @@
---
title: DTR disaster recovery overview
description: Learn the multiple disaster recovery strategies you can use with
Docker Trusted Registry.
keywords: dtr, disaster recovery
---
Docker Trusted Registry is a clustered application. You can join multiple
replicas for high availability.
For a DTR cluster to be healthy, a majority of its replicas (n/2 + 1) need to
be healthy and be able to communicate with the other replicas. This is also
known as maintaining quorum.
This means that there are three failure scenarios possible.
## Replica is unhealthy but cluster maintains quorum
One or more replicas are unhealthy, but the overall majority (n/2 + 1) is still
healthy and able to communicate with one another.
![Failure scenario 1](../../images/dr-overview-1.svg)
In this example the DTR cluster has five replicas but one of the nodes stopped
working, and the other has problems with the DTR overlay network.
Even though these two replicas are unhealthy the DTR cluster has a majority
of replicas still working, which means that the cluster is healthy.
In this case you should repair the unhealthy replicas, or remove them from
the cluster and join new ones.
[Learn how to repair a replica](repair-a-single-replica.md).
## The majority of replicas are unhealthy
A majority of replicas are unhealthy, making the cluster lose quorum, but at
least one replica is still healthy, or at least the data volumes for DTR are
accessible from that replica.
![Failure scenario 2](../../images/dr-overview-2.svg)
In this example the DTR cluster is unhealthy but since one replica is still
running it's possible to repair the cluster without having to restore from
a backup. This minimizes the amount of data loss.
[Learn how to do an emergency repair](repair-a-cluster.md).
## All replicas are unhealthy
This is a total disaster scenario where all DTR replicas were lost, causing
the data volumes for all DTR replicas to get corrupted or lost.
![Failure scenario 3](../../images/dr-overview-3.svg)
In a disaster scenario like this, you'll have to restore DTR from an existing
backup. Restoring from a backup should be only used as a last resort, since
doing an emergency repair might prevent some data loss.
[Learn how to restore from a backup](restore-from-backup.md).

81
datacenter/dtr/2.5/admin/disaster-recovery/repair-a-cluster.md
View File

@ -1,81 +0,0 @@
---
title: Repair a cluster
description: Learn how to repair DTR when the majority of replicas are unhealthy.
keywords: dtr, disaster recovery
redirect_from:
- /datacenter/dtr/2.5/guides/admin/disaster-recovery/repair-a-cluster/
---
For a DTR cluster to be healthy, a majority of its replicas (n/2 + 1) need to
be healthy and be able to communicate with the other replicas. This is known
as maintaining quorum.
In a scenario where quorum is lost, but at least one replica is still
accessible, you can use that replica to repair the cluster. That replica doesn't
need to be completely healthy. The cluster can still be repaired as the DTR
data volumes are persisted and accessible.
![Unhealthy cluster](../../images/repair-cluster-1.svg)
Repairing the cluster from an existing replica minimizes the amount of data lost.
If this procedure doesn't work, you'll have to
[restore from an existing backup](restore-from-backup.md).
## Diagnose an unhealthy cluster
When a majority of replicas are unhealthy, causing the overall DTR cluster to
become unhealthy, operations like `docker login`, `docker pull`, and `docker push`
present `internal server error`.
Accessing the `/_ping` endpoint of any replica also returns the same error.
It's also possible that the DTR web UI is partially or fully unresponsive.
## Perform an emergency repair
Use the `docker/dtr emergency-repair` command to try to repair an unhealthy
DTR cluster, from an existing replica.
This command checks the data volumes for the DTR
This command checks the data volumes for the DTR replica are uncorrupted,
redeploys all internal DTR components and reconfigured them to use the existing
volumes.
It also reconfigures DTR removing all other nodes from the cluster, leaving DTR
as a single-replica cluster with the replica you chose.
Start by finding the ID of the DTR replica that you want to repair from.
You can find the list of replicas by navigating to the UCP web UI, or by using
a UCP client bundle to run:
{% raw %}
```bash
docker ps --format "{{.Names}}" | grep dtr
# The list of DTR containers with <node>/<component>-<replicaID>, e.g.
# node-1/dtr-api-a1640e1c15b6
```
{% endraw %}
Then, use your UCP client bundle to run the emergency repair command:
```bash
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} emergency-repair \
--ucp-insecure-tls \
--existing-replica-id <replica-id>
```
If the emergency repair procedure is successful, your DTR cluster now has a
single replica. You should now
[join more replicas for high availability](../configure/set-up-high-availability.md).
![Healthy cluster](../../images/repair-cluster-2.svg)
If the emergency repair command fails, try running it again using a different
replica ID. As a last resort, you can restore your cluster from an existing
backup.
## Where to go next
- [Create a backup](create-a-backup.md)
- [Restore from an existing backup](restore-from-backup.md)

105
datacenter/dtr/2.5/admin/disaster-recovery/repair-a-single-replica.md
View File

@ -1,105 +0,0 @@
---
title: Repair a single replica
description: Learn how to repair a single DTR replica when it is unhealthy.
keywords: dtr, disaster recovery
---
When one or more DTR replicas are unhealthy but the overall majority
(n/2 + 1) is healthy and able to communicate with one another, your DTR
cluster is still functional and healthy.
![Cluster with two nodes unhealthy](../../images/repair-replica-1.svg)
Given that the DTR cluster is healthy, there's no need to execute any disaster
recovery procedures like restoring from a backup.
Instead, you should:
1. Remove the unhealthy replicas from the DTR cluster.
2. Join new replicas to make DTR highly available.
Since a DTR cluster requires a majority of replicas to be healthy at all times,
the order of these operations is important. If you join more replicas before
removing the ones that are unhealthy, your DTR cluster might become unhealthy.
## Split-brain scenario
To understand why you should remove unhealthy replicas before joining new ones,
imagine you have a five-replica DTR deployment, and something goes wrong with
the overlay network connection the replicas, causing them to be separated in
two groups.
![Cluster with network problem](../../images/repair-replica-2.svg)
Because the cluster originally had five replicas, it can work as long as
three replicas are still healthy and able to communicate (5 / 2 + 1 = 3).
Even though the network separated the replicas in two groups, DTR is still
healthy.
If at this point you join a new replica instead of fixing the network problem
or removing the two replicas that got isolated from the rest, it's possible
that the new replica ends up in the side of the network partition that has
less replicas.
![cluster with split brain](../../images/repair-replica-3.svg)
When this happens, both groups now have the minimum amount of replicas needed
to establish a cluster. This is also known as a split-brain scenario, because
both groups can now accept writes and their histories start diverging, making
the two groups effectively two different clusters.
## Remove replicas
To remove unhealthy replicas, you'll first have to find the replica ID
of one of the replicas you want to keep, and the replica IDs of the unhealthy
replicas you want to remove.
You can find this in the **Stacks** page of the UCP web UI, or by using the UCP
client bundle to run:
{% raw %}
```bash
docker ps --format "{{.Names}}" | grep dtr
# The list of DTR containers with <node>/<component>-<replicaID>, e.g.
# node-1/dtr-api-a1640e1c15b6
```
{% endraw %}
Then use the UCP client bundle to remove the unhealthy replicas:
```bash
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} remove \
--existing-replica-id <healthy-replica-id> \
--replica-ids <unhealthy-replica-id> \
--ucp-insecure-tls \
--ucp-url <ucp-url> \
--ucp-username <user> \
--ucp-password <password>
```
You can remove more than one replica at the same time, by specifying multiple
IDs with a comma.
![Healthy cluster](../../images/repair-replica-4.svg)
## Join replicas
Once you've removed the unhealthy nodes from the cluster, you should join new
ones to make sure your cluster is highly available.
Use your UCP client bundle to run the following command which prompts you for
the necessary parameters:
```bash
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} join \
--ucp-node <ucp-node-name> \
--ucp-insecure-tls
```
[Learn more about high availability](../configure/set-up-high-availability.md).
## Where to go next
- [Disaster recovery overview](index.md)

92
datacenter/dtr/2.5/admin/disaster-recovery/restore-from-backup.md
View File

@ -1,92 +0,0 @@
---
title: Restore from a backup
description: Learn how to restore a DTR cluster from an existing backup
keywords: dtr, disaster recovery
---
{% assign metadata_backup_file = "dtr-metadata-backup.tar" %}
{% assign image_backup_file = "dtr-image-backup.tar" %}
## Restore DTR data
If your DTR has a majority of unhealthy replicas, the one way to restore it to
a working state is by restoring from an existing backup.
To restore DTR, you need to:
1. Stop any DTR containers that might be running
2. Restore the images from a backup
3. Restore DTR metadata from a backup
4. Re-fetch the vulnerability database
You need to restore DTR on the same UCP cluster where you've created the
backup. If you restore on a different UCP cluster, all DTR resources will be
owned by users that don't exist, so you'll not be able to manage the resources,
even though they're stored in the DTR data store.
When restoring, you need to use the same version of the `docker/dtr` image
that you've used when creating the update. Other versions are not guaranteed
to work.
### Remove DTR containers
Start by removing any DTR container that is still running:
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} destroy \
--ucp-insecure-tls
```
### Restore images
If you had DTR configured to store images on the local filesystem, you can
extract your backup:
```none
sudo tar -xf {{ image_backup_file }} -C /var/lib/docker/volumes
```
If you're using a different storage backend, follow the best practices
recommended for that system.
### Restore DTR metadata
You can restore the DTR metadata with the `docker/dtr restore` command. This
performs a fresh installation of DTR, and reconfigures it with
the configuration created during a backup.
Load your UCP client bundle, and run the following command, replacing the
placeholders for the real values:
```none
read -sp 'ucp password: ' UCP_PASSWORD; \
docker run -i --rm \
--env UCP_PASSWORD=$UCP_PASSWORD \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} restore \
--ucp-url <ucp-url> \
--ucp-insecure-tls \
--ucp-username <ucp-username> \
--ucp-node <hostname> \
--replica-id <replica-id> \
--dtr-external-url <dtr-external-url> < {{ metadata_backup_file }}
```
Where:
* `<ucp-url>` is the url you use to access UCP
* `<ucp-username>` is the username of a UCP administrator
* `<hostname>` is the hostname of the node where you've restored the images
* `<replica-id>` the id of the replica you backed up
* `<dtr-external-url>`the url that clients use to access DTR
If you're using NFS as a storage backend, also include `--nfs-storage-url` as
part of your restore command, otherwise DTR is restored but starts using a
local volume to persist your Docker images.
### Re-fetch the vulnerability database
If you're scanning images, you now need to download the vulnerability database.
After you successfully restore DTR, you can join new replicas the same way you
would after a fresh installation. [Learn more](../configure/set-up-vulnerability-scans.md).

25
datacenter/dtr/2.5/admin/install/uninstall.md
View File

@ -1,25 +0,0 @@
---
title: Uninstall Docker Trusted Registry
description: Learn how to uninstall your Docker Trusted Registry installation.
keywords: dtr, install, uninstall
---
Uninstalling DTR can be done by simply removing all data associated with each
replica. To do that, you just run the destroy command once per replica:
```bash
docker run -it --rm \
docker/dtr:{{ page.dtr_version }} destroy \
--ucp-insecure-tls
```
You will be prompted for the UCP URL, UCP credentials, and which replica to
destroy.
To see what options are available in the destroy command, check the
[destroy command reference documentation](/reference/dtr/2.5/cli/destroy.md).
## Where to go next
- [Scale your deployment](../configure/set-up-high-availability.md)
- [Install DTR](index.md)

156
datacenter/dtr/2.5/admin/disaster-recovery/create-a-backup.md → datacenter/dtr/2.5/guides/admin/backups-and-disaster-recovery.md
View File

@ -1,29 +1,34 @@
---
title: Create a backup
description: Learn how to create a backup of Docker Trusted Registry, for disaster recovery.
keywords: dtr, disaster recovery
title: DTR backups and recovery
description: Learn how to back up your Docker Trusted Registry cluster, and to recover your cluster from an existing backup.
keywords: registry, high-availability, backup, recovery
---
{% assign metadata_backup_file = "dtr-metadata-backup.tar" %}
{% assign image_backup_file = "dtr-image-backup.tar" %}
{% assign image_backup_file = "backup-images.tar" %}
{% assign metadata_backup_file = "backup-metadata.tar" %}
DTR requires that a majority (n/2 + 1) of its replicas are healthy at all times
for it to work. So if a majority of replicas is unhealthy or lost, the only
way to restore DTR to a working state, is by recovering from a backup. This
is why it's important to ensure replicas are healthy and perform frequent
backups.
## Data managed by DTR
Docker Trusted Registry maintains data about:
| Data | Description |
|:-----------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------|
| Configurations | The DTR cluster configurations |
| Repository metadata | The metadata about the repositories and images deployed |
| Access control to repos and images | Permissions for teams and repositories |
| Notary data | Notary tags and signatures |
| Scan results | Security scanning results for images |
| Certificates and keys | The certificates, public keys, and private keys that are used for mutual TLS communication |
| Images content | The images you push to DTR. This can be stored on the file system of the node running DTR, or other storage system, depending on the configuration |
| Data | Description |
|:-----------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------|
| Configurations | The DTR cluster configurations |
| Repository metadata | The metadata about the repositories and images deployed |
| Access control to repos and images | Permissions for teams and repositories |
| Notary data | Notary tags and signatures |
| Scan results | Security scanning results for images |
| Certificates and keys | The certificates, public keys, and private keys that are used for mutual TLS communication |
| Images content | The images you push to DTR. This can be stored on the filesystem of the node running DTR, or other storage system, depending on the configuration |
This data is persisted on the host running DTR, using named volumes.
[Learn more about DTR named volumes](../../architecture.md).
[Learn more about DTR named volumes](../architecture.md).
To perform a backup of a DTR node, run the `docker/dtr backup` command. This
command backups up the following data:
@ -56,16 +61,14 @@ restore.
Since you can configure the storage backend that DTR uses to store images,
the way you backup images depends on the storage backend you're using.
If you've configured DTR to store images on the local file system or NFS mount,
If you've configured DTR to store images on the local filesystem or NFS mount,
you can backup the images by using ssh to log into a node where DTR is running,
and creating a tar archive of the [dtr-registry volume](../../architecture.md):
and creating a tar archive of the [dtr-registry volume](../architecture.md):
{% raw %}
```none
sudo tar -cf {{ image_backup_file }} \
$(dirname $(docker volume inspect --format '{{.Mountpoint}}' dtr-registry-<replica-id>))
{% raw %}$(dirname $(docker volume inspect --format '{{.Mountpoint}}' dtr-registry-<replica-id>)){% endraw %}
```
{% endraw %}
If you're using a different storage backend, follow the best practices
recommended for that system.
@ -89,23 +92,17 @@ docker run --log-driver none -i --rm \
Where:
* `<ucp-url>` is the url you use to access UCP.
* `<ucp-username>` is the username of a UCP administrator.
* `<replica-id>` is the id of the DTR replica to backup.
* `<ucp-url>` is the url you use to access UCP
* `<ucp-username>` is the username of a UCP administrator
* `<replica-id>` is the id of the DTR replica to backup
This prompts you for the UCP password, backups up the DTR metadata and saves the
result into a tar archive. You can learn more about the supported flags in
the [reference documentation](/reference/dtr/2.5/cli/backup.md).
the [reference documentation](../../reference/cli/backup.md).
By default the backup command doesn't stop the DTR replica being backed up.
This allows performing backups without affecting your users. Since the replica
is not stopped, it's possible that happen while the backup is taking place, won't
be persisted.
You can use the `--offline-backup` option to stop the DTR replica while taking
the backup. If you do this, remove the replica from the load balancing pool.
Also, the backup contains sensitive information
The backup command doesn't stop DTR, so that you can take frequent backups
without affecting your users. Also, the backup contains sensitive information
like private keys, so you can encrypt the backup by running:
```none
@ -121,7 +118,7 @@ To validate that the backup was correctly performed, you can print the contents
of the tar file created. The backup of the images should look like:
```none
tar -tf {{ metadata_backup_file }}
tar -tf {{ image_backup_file }}
dtr-backup-v{{ page.dtr_version }}/
dtr-backup-v{{ page.dtr_version }}/rethink/
@ -149,3 +146,94 @@ gpg -d {{ metadata_backup_file }} | tar -t
You can also create a backup of a UCP cluster and restore it into a new
cluster. Then restore DTR on that new cluster to confirm that everything is
working as expected.
## Restore DTR data
If your DTR has a majority of unhealthy replicas, the one way to restore it to
a working state is by restoring from an existing backup.
To restore DTR, you need to:
1. Stop any DTR containers that might be running
2. Restore the images from a backup
3. Restore DTR metadata from a backup
4. Re-fetch the vulnerability database
You need to restore DTR on the same UCP cluster where you've created the
backup. If you restore on a different UCP cluster, all DTR resources will be
owned by users that don't exist, so you can't manage the resources,
even though they're stored in the DTR data store.
When restoring, you need to use the same version of the `docker/dtr` image
that you've used when creating the update. Other versions are not guaranteed
to work.
### Stop DTR containers
Start by removing any DTR container that is still running:
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} destroy \
--ucp-insecure-tls
```
### Restore images
If you had DTR configured to store images on the local filesystem, you can
extract your backup:
```none
sudo tar -xf {{ image_backup_file }} -C /
```
If you're using a different storage backend, follow the best practices
recommended for that system. When restoring the DTR metadata, DTR will be
deployed with the same configurations it had when creating the backup.
### Restore DTR metadata
You can restore the DTR metadata with the `docker/dtr restore` command. This
performs a fresh installation of DTR, and reconfigures it with
the configuration created during a backup.
Load your UCP client bundle, and run the following command, replacing the
placeholders for the real values:
```none
read -sp 'ucp password: ' UCP_PASSWORD; \
docker run -i --rm \
--env UCP_PASSWORD=$UCP_PASSWORD \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} restore \
--ucp-url <ucp-url> \
--ucp-insecure-tls \
--ucp-username <ucp-username> \
--ucp-node <hostname> \
--replica-id <replica-id> \
--dtr-external-url <dtr-external-url> < {{ metadata_backup_file }}
```
Where:
* `<ucp-url>` is the url you use to access UCP
* `<ucp-username>` is the username of a UCP administrator
* `<hostname>` is the hostname of the node where you've restored the images
* `<replica-id>` the id of the replica you backed up
* `<dtr-external-url>`the url that clients use to access DTR
If you're using NFS as a storage backend, also include `--nfs-storage-url` as
part of your restore command, otherwise DTR is restored but starts using a
local volume to persist your Docker images.
### Re-fetch the vulnerability database
If you're scanning images, you now need to download the vulnerability database.
After you successfully restore DTR, you can join new replicas the same way you
would after a fresh installation. [Learn more](configure/set-up-vulnerability-scans.md).
## Where to go next
* [Set up high availability](configure/set-up-high-availability.md)
* [DTR architecture](../architecture.md)

75
datacenter/dtr/2.5/guides/admin/configure/deploy-caches/chaining.md Normal file
View File

@ -0,0 +1,75 @@
---
title: Chain multiple caches
description: Learn how to deploy and chain multiple caches for Docker Trusted Registry, to cover multiple regions or offices
keywords: dtr, tls
---
If your users are distributed geographically, consider chaining multiple DTR
caches together for faster pulls.
![cache chaining](../../../images/chaining-1.svg)
Too many levels of chaining might slow down pulls, so you should try different
configurations and benchmark them, to find out the right configuration.
This example shows how to configure two caches. A dedicated cache for
the Asia region that pulls images directly from DTR, and a cache for China, that
pulls images from the Asia cache.
## Cache for the Asia region
This cache has TLS, and pulls images directly from DTR:
```
version: 0.1
storage:
delete:
enabled: true
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
tls:
certificate: /certs/asia-ca.pem
key: /certs/asia-key.pem
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- https://<dtr-url>
cas:
- /certs/dtr-ca.pem
```
## Cache for the China region
This cache has TLS, and pulls images from the Asia cache:
```
version: 0.1
storage:
delete:
enabled: true
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
tls:
certificate: /certs/china-ca.pem
key: /certs/china-key.pem
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- https://<asia-cache-url>
cas:
- /certs/asia-cache-ca.pem
```
Since the China cache doesn't need to communicate directly with DTR,
it only needs to trust the CA certificates for the next hop, in this case
the CA certificate used by the Asia cache.

224
datacenter/dtr/2.5/guides/admin/configure/deploy-caches/index.md Normal file
View File

@ -0,0 +1,224 @@
---
title: Deploy DTR caches
description: Learn how to deploy and configure DTR caches, so that users can pull images faster.
keywords: registry, dtr, cache
---
You can configure DTR to have multiple caches. Once you've deployed caches,
users can configure their DTR user account to specify which cache to pull from.
Then, when users pull from DTR, they are redirected to pull from the cache
configured on their user account. By deploying caches geographically closer to remote
offices and low connectivity areas, users can pull images faster.
User requests are authenticated when pulling from a cache. Users can only pull
images from a cache if they have access. And if the image has changed in DTR,
users will pull the latest version, not an outdated one.
## How caches work
After you've deployed the caches, users can configure which cache to
pull from on their DTR user settings page.
![](../../../images/cache-docker-images-1.svg)
When users try to pull an image by running
`docker pull <dtr-url>/<org>/<repository>`, the following happens:
1. The Docker client makes a request to DTR which in turn authenticates the
request
2. The Docker client requests the image manifest to DTR. This ensures that
users will always pull the correct image, and not an outdated version
3. The Docker client requests the layer blobs to DTR, which becomes signed
and redirected to the cache configured by the user
4. If the blob exists on the cache it is sent to the user. Otherwise, the cache
pulls it from DTR and sends it to the user
When a user pushes an image, that image is pushed directly to DTR. A cache
will only store the image when a user tries to pull the image using that cache.
## Configure the cache
DTR caches are based on Docker Registry, and use the same configuration
file format.
[Learn more about the configuration options](/registry/configuration.md).
The DTR cache extends the Docker Registry configuration file format by
introducing a new middleware called `downstream` that has three configuration
options: `blobttl`, `upstreams`, and `cas`:
```none
# Settings that you would include in a
# Docker Registry configuration file followed by
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- <Externally-reachable address for upstream registry or content cache in format scheme://host:port>
cas:
- <Absolute path to next-hop upstream registry or content cache CA certificate in the container's filesystem>
```
Below you can find the description for each parameter, specific to DTR caches.
<table>
<tr>
<th>Parameter</th>
<th>Required</th>
<th>Description</th>
</tr>
<tr>
<td>
<code>blobttl</code>
</td>
<td>
no
</td>
<td>
The TTL for blobs in the cache. This field takes a positive integer and an optional suffix indicating the unit of time. If
this field is configured, "storage.delete.enabled" must be configured to true. Possible units are:
<ul>
<li><code>ns</code> (nanoseconds)</li>
<li><code>us</code> (microseconds)</li>
<li><code>ms</code> (milliseconds)</li>
<li><code>s</code> (seconds)</li>
<li><code>m</code> (minutes)</li>
<li><code>h</code> (hours)</li>
</ul>
If you omit the suffix, the system interprets the value as nanoseconds.
</td>
</tr>
<tr>
<td>
<code>cas</code>
</td>
<td>
no
</td>
<td>
An optional list of absolute paths to PEM-encoded CA certificates of upstream registries or content caches.
</td>
</tr>
<tr>
<td>
<code>upstreams</code>
</td>
<td>
yes
</td>
<td>
A list of externally-reachable addresses for upstream registries of content caches. If more than one host is specified, it will pull from registries in round-robin order.
</td>
</tr>
</table>
## Deploy a simple cache
You can deploy a Docker Content Cache on any host that has Docker installed.
The only requirements are that:
* Users need to have access to both DTR and the cache
* The cache needs access to DTR
![](../../../images/cache-docker-images-2.svg)
On the host where the cache will be deployed, create a `config.yml` file with
the following content:
```
version: 0.1
storage:
delete:
enabled: true
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- https://<dtr-url>
cas:
- /certs/dtr-ca.pem
```
This configures the cache to store the images in the directory
`/var/lib/registry`, exposes the cache service on port 5000, and configures the
cache to delete images that are not pulled in the last 24 hours. It also
defines where DTR can be reached, and which CA certificates should be trusted.
Now we need to download the CA certificate used by DTR. For this, run:
```
curl -k https://<dtr-url>/ca > dtr-ca.pem
```
Now that we've got the cache configuration file and DTR CA certificate, we can
deploy the cache by running:
```none
docker run --detach --restart always \
--name dtr-cache \
--publish 5000:5000 \
--volume $(pwd)/dtr-ca.pem:/certs/dtr-ca.pem \
--volume $(pwd)/config.yml:/config.yml \
{{ page.dtr_org }}/dtr-content-cache:{{ page.dtr_version }} /config.yml
```
You can also run the command in interactive mode instead of detached by
replacing `--detached` with `--interactive`. This allows you to
see the logs generated by the container and troubleshoot misconfigurations.
Now that you've deployed a cache, you need to configure DTR to know about it.
This is done using the `POST /api/v0/content_caches` API. You can use the
DTR interactive API documentation to use this API.
In the DTR web UI, click the top-right menu, and choose **API docs**.
![](../../../images/cache-docker-images-2.png){: .with-border}
Navigate to the `POST /api/v0/content_caches` line and click it to expand.
In the **body** field include:
```
{
"name": "region-us",
"host": "http://<cache-public-ip>:5000"
}
```
Click the **Try it out!** button to make the API call.
![](../../../images/cache-docker-images-3.png){: .with-border}
Now that DTR knows about the cache we've created, we just need to configure
our DTR user settings to start using that cache.
In the DTR web UI, navigate to your **user profile**, click the **Settings**
tab, and change the **Content Cache** settings to use the **region-us** cache.
![](../../../images/cache-docker-images-4.png){: .with-border}
You can also automate this through the `/api/v0/accounts/{username}/settings`
API.
Now when you pull images, you use the cache. To test this, try pulling
an image from DTR. You can inspect the logs of the cache service, to validate
that the cache is being used, and troubleshoot problems.
In the host where you've deployed the `region-us` cache, run:
```
docker container logs dtr-cache
```
## Where to go next
* [Deploy caches with TLS](tls.md)

93
datacenter/dtr/2.5/guides/admin/configure/deploy-caches/tls.md Normal file
View File

@ -0,0 +1,93 @@
---
title: Deploy caches with TLS
description: Learn how to deploy and secure caches for Docker Trusted Registry, leveraging TLS
keywords: dtr, tls
---
When running DTR caches on a production environment, you should secure them
with TLS. In this example we're going to deploy a DTR cache that uses TLS.
DTR caches use the same configuration file format used by Docker Registry.
You can learn more about the supported configuration in the
[Docker Registry documentation](/registry/configuration.md#tls).
## Get the TLS certificate and keys
Before deploying a DTR cache with TLS you need to obtain a public key
certificate for the domain name where you deploy the cache, as well as
the public and private key files for that certificate.
Once you have then, transfer those file to the host where you plan to deploy
the DTR cache.
## Create the cache configuration
Use SSH to log into the host where you plan to deploy the DTR cache, and navigate to
the directory where you've stored the TLS certificate and keys.
Create the `config.yml` file with the following content:
```
version: 0.1
storage:
delete:
enabled: true
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
tls:
certificate: /certs/dtr-cache-ca.pem
key: /certs/dtr-cache-key.pem
middleware:
registry:
- name: downstream
options:
blobttl: 24h
upstreams:
- https://<dtr-url>
cas:
- /certs/dtr-ca.pem
```
The configuration file mentions:
* /certs/dtr-cache-ca.pem: this is the public key certificate the cache will use
* /certs/dtr-cache-key.pem: this is the TLS private key
* /certs/dtr-ca.pem is the CA certificate used by DTR
Run this command to download the CA certificate used by DTR:
```
curl -k https://<dtr-url>/ca > dtr-ca.pem
```
Now that we've got the cache configuration file and TLS certificates, we can
deploy the cache by running:
```none
docker run --detach --restart always \
--name dtr-cache \
--publish 5000:5000 \
--volume $(pwd)/dtr-cache-ca.pem:/certs/dtr-cache-ca.pem \
--volume $(pwd)/dtr-cache-key.pem:/certs/dtr-cache-key.pem \
--volume $(pwd)/dtr-ca.pem:/certs/dtr-ca.pem \
--volume $(pwd)/config.yml:/config.yml \
docker/dtr-content-cache:{{ page.dtr_version }} /config.yml
```
## Use Let's Encrypt
You can also use Let's Encrypt to automatically generate TLS certificates that
are trusted by most clients.
Learn more [about Let's Encrypt](https://letsencrypt.org/how-it-works/), and
how to
[create a configuration file that leverages it](/registry/configuration.md#letsencrypt).
## Where to go next
* [Chain multiple caches](chaining.md)

8
datacenter/dtr/2.5/admin/configure/enable-single-sign-on.md → datacenter/dtr/2.5/guides/admin/configure/enable-single-sign-on.md
View File

@ -1,14 +1,14 @@
---
title: Enable single sign-on
description: Learn how to set up single sign-on between UCP and DTR, so that your users only have to authenticate once
description: Learn how to set up single sign-on between UCP and DTR, so that your users only need to authenticate once
keywords: dtr, login, sso
---
By default, users are shared between UCP and DTR, but you have to authenticate
By default, users are shared between UCP and DTR, but you need to authenticate
separately on the web UI of both applications.
You can configure DTR to have single sign-on (SSO) with UCP, so that users only
have to authenticate once.
need to authenticate once.
## At installation time
@ -39,4 +39,4 @@ DTR once they are authenticated.
## Where to go next
- [Use your own TLS certificates](use-your-own-tls-certificates.md)
* [Use your own TLS certificates](use-your-own-tls-certificates.md)

4
datacenter/dtr/2.5/admin/configure/external-storage/index.md → datacenter/dtr/2.5/guides/admin/configure/external-storage/index.md
View File

@ -51,16 +51,16 @@ same images.
To check how much space your images are taking in the local filesystem, you
can ssh into the node where DTR is deployed and run:
```bash
{% raw %}
```
# Find the path to the volume
docker volume inspect dtr-registry-<replica-id>
# Check the disk usage
sudo du -hs \
$(dirname $(docker volume inspect --format '{{.Mountpoint}}' dtr-registry-<dtr-replica>))
{% endraw %}
```
{% endraw %}
## NFS

16
datacenter/dtr/2.5/admin/configure/external-storage/nfs.md → datacenter/dtr/2.5/guides/admin/configure/external-storage/nfs.md
View File

@ -23,15 +23,15 @@ showmount -e <nfsserver>
You should also try to mount one of the exported directories:
```bash
mkdir /tmp/mydir && sudo mount -t nfs <nfs server>:<directory> /tmp/mydir
mkdir /tmp/mydir && sudo mount -t nfs <nfs server>:<directory>
```
## Install DTR with NFS
One way to configure DTR to use an NFS directory is at install time:
```bash
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ dtr_version }} install \
```none
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} install \
--nfs-storage-url <nfs-storage-url> \
<other options>
```
@ -49,16 +49,16 @@ NFS you can continue using the same configurations.
If you want to start using the new DTR built-in support for NFS you can
reconfigure DTR:
```bash
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ dtr_version }} reconfigure \
```none
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} reconfigure \
--nfs-storage-url <nfs-storage-url>
```
If you want to reconfigure DTR to stop using NFS storage, leave the option
in blank:
```bash
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ dtr_version}} reconfigure \
```none
docker run -it --rm {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version}} reconfigure \
--nfs-storage-url ""
```
@ -68,4 +68,4 @@ add it back again.
## Where to go next
- [Configure where images are stored](index.md)
* [Configure where images are stored](index.md)

36
datacenter/dtr/2.5/admin/configure/external-storage/s3.md → datacenter/dtr/2.5/guides/admin/configure/external-storage/s3.md
View File

@ -6,7 +6,7 @@ keywords: dtr, storage driver, s3
---
You can configure DTR to store Docker images on Amazon S3, or other file servers
with an S3-compatible API like Cleversafe or Minio.
with an S3-compatible API like Minio.
Amazon S3 and compatible services store files in "buckets", and users have
permissions to read, write, and delete files from those buckets. When you
@ -26,8 +26,8 @@ Then, as a best practice you should
just for the DTR
integration and apply an IAM policy that ensures the user has limited permissions.
This user only needs permissions to access the bucket that you'll use to store
images, and be able to read, write, and delete files.
This user only needs permissions to access the bucket that you use to store
images, and the ability read, write, and delete files.
Here's an example of a policy like that:
@ -98,38 +98,14 @@ Once you click **Save**, DTR validates the configurations and saves the changes.
## Configure your clients
If you're using a TLS certificate in your storage backend that's not globally
trusted, you'll have to configure all Docker Engines that push or pull from DTR
If you use a TLS certificate in your storage backend that's not globally
trusted, you need to configure all Docker Engines that push or pull from DTR
to trust that certificate. When you push or pull an image DTR redirects the
requests to the storage backend, so if clients don't trust the TLS certificates
of both DTR and the storage backend, they won't be able to push or pull images.
of both DTR and the storage backend, they can't push or pull images.
[Learn how to configure the Docker client](../../../user/access-dtr/index.md).
And if you've configured DTR to skip TLS verification, you also need to
configure all Docker Engines that push or pull from DTR to skip TLS
verification. You do this by adding DTR to
the [list of insecure registries when starting Docker](/engine/reference/commandline/dockerd.md).
## Supported regions
DTR supports the following S3 regions:
| Region |
|:---------------|
| us-east-1 |
| us-east-2 |
| us-west-1 |
| us-west-2 |
| eu-west-1 |
| eu-west-2 |
| eu-central-1 |
| ap-south-1 |
| ap-southeast-1 |
| ap-southeast-2 |
| ap-northeast-1 |
| ap-northeast-2 |
| sa-east-1 |
| cn-north-1 |
| us-gov-west-1 |
| ca-central-1 |

30
datacenter/dtr/2.5/admin/configure/garbage-collection.md → datacenter/dtr/2.5/guides/admin/configure/garbage-collection.md
View File

@ -3,6 +3,8 @@ title: Garbage collection
description: Save disk space by configuring the garbage collection settings in
Docker Trusted Registry
keywords: registry, garbage collection, gc, space, disk space
redirect_from:
- /ee/dtr/admin/configure/garbage-collection/
---
You can configure Docker Trusted Registry to automatically delete unused image
@ -11,26 +13,14 @@ layers, thus saving you disk space. This process is also known as garbage collec
## How DTR deletes unused layers
First you configure DTR to run a garbage collection job on a fixed schedule. At
the scheduled time DTR:
the scheduled time:
2. Identifies and marks unused image layers.
3. Deletes the marked image layers.
1. DTR becomes read-only. Images can be pulled, but pushes are not allowed.
2. DTR identifies and marks all unused image layers.
3. DTR deletes the marked image layers.
By default, when the garbage collection job starts DTR is put in read-only mode.
Starting in DTR 2.5, you can configure DTR to run garbage collection jobs
without putting DTR in read-only. This feature is still experimental.
To enable this, navigate to the **DTR web UI**, go to **Settings** and
choose **Garbage collection**.
![upgrade garbage collection](../../images/garbage-collection-0.png){: .with-border}
Once enabled this setting can't be changed back. The upgrade process might
take a while depending on the amount of Docker images that you have stored.
During this upgrade users can still push and pull images from DTR, but
the garbage collection job will be temporarily disabled.
Since this process puts DTR in read-only mode and is CPU-intensive, you should
run garbage collection jobs outside business peak hours.
## Schedule garbage collection
@ -85,7 +75,7 @@ files of that image tag since it's possible that there are other tags that
also use the same files.
To delete unused image layers, DTR:
1. Becomes read-only to make sure that no one is able to push an image, thus
1. Becomes read-only to make sure that no one can push an image, thus
changing the underlying files in the filesystem.
2. Check all the manifest files and keep a record of the files that are
referenced.
@ -94,4 +84,4 @@ can be safely deleted.
## Where to go next
- [Deploy DTR caches](deploy-caches/index.md)
* [Deploy DTR caches](deploy-caches/index.md)

5
datacenter/dtr/2.5/admin/configure/license-your-installation.md → datacenter/dtr/2.5/guides/admin/configure/license-your-installation.md
View File

@ -8,7 +8,7 @@ By default, you don't need to license your Docker Trusted Registry. When
installing DTR, it automatically starts using the same license file used on
your Docker Universal Control Plane cluster.
However, there are some situations when you have to manually license your
However, there are some situations when you need to manually license your
DTR installation:
* When upgrading to a new major version,
@ -33,6 +33,7 @@ page**.
Click the **Apply new license** button, and upload your new license file.
## Where to go next
- [Enable single sign-on](enable-single-sign-on.md)
* [Enable single sign-on](enable-single-sign-on.md)

11
datacenter/dtr/2.5/admin/configure/set-up-high-availability.md → datacenter/dtr/2.5/guides/admin/configure/set-up-high-availability.md
View File

@ -34,15 +34,12 @@ decreases. Don't leave that replica offline for long.
* Adding too many replicas to the cluster might also lead to performance
degradation, as data needs to be replicated across all replicas.
To have high-availability on UCP and DTR, you need a minimum of:
To have high-availability on UCP and DTR, it is recommended to have a minimum of:
* 3 dedicated nodes to install UCP with high availability,
* 3 dedicated nodes to install DTR with high availability,
* As many nodes as you want for running your containers and applications.
You also need to configure the DTR replicas to share the
[same object storage](external-storage/index.md).
## Join more DTR replicas
To add replicas to an existing DTR deployment:
@ -51,7 +48,7 @@ To add replicas to an existing DTR deployment:
2. Run the DTR join command:
```bash
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} join \
--ucp-node <ucp-node-name> \
@ -71,7 +68,7 @@ To remove a DTR replica from your deployment:
1. Use ssh to log into any node that is part of UCP.
2. Run the DTR remove command:
```bash
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} remove \
--ucp-insecure-tls
@ -89,4 +86,4 @@ forget to remove this replica from the load balancing pool.
## Where to go next
- [Set up vulnerability scans](set-up-vulnerability-scans.md)
* [Set up vulnerability scans](set-up-vulnerability-scans.md)

14
datacenter/dtr/2.5/admin/configure/set-up-vulnerability-scans.md → datacenter/dtr/2.5/guides/admin/configure/set-up-vulnerability-scans.md
View File

@ -2,10 +2,11 @@
title: Set up Security Scanning in DTR
description: Enable and configure Docker Security Scanning for Docker Trusted Registry.
keywords: registry, scanning, security scan, vulnerability, CVE
redirect_from:
- /docker-cloud/builds/image-scan/
---
This page explains how to set up and enable Docker Security Scanning on an
existing installation of Docker Trusted Registry.
This page explains how to set up and enable Docker Security Scanning on an existing installation of Docker Trusted Registry.
## Prerequisites
@ -31,12 +32,9 @@ automatically, make sure that the server hosting your DTR instance can access
If your DTR instance already has a license that includes Security Scanning, skip
this step and proceed to [enable DTR Security Scanning](#enable-dtr-security-scanning).
> **Tip**: To check if your existing DTR license includes scanning, navigate
> to the DTR **Settings** page, and click **Security**. If an "Enable scanning"
> toggle appears, the license includes scanning.
> **Tip**: To check if your existing DTR license includes scanning, navigate to the DTR **Settings** page, and click **Security**. If an "Enable scanning" toggle appears, the license includes scanning.
If your current DTR license doesn't include scanning, you must first download
the new license.
If your current DTR license doesn't include scanning, you must first download the new license.
1. Log in to the Docker Store using a Docker ID with access to the license you need.
2. In the top right corner, click your user account icon, and select **My Content**.
@ -187,4 +185,4 @@ Your choice is saved automatically.
## Where to go next
- [Deploy DTR caches](deploy-caches/index.md)
* [Deploy DTR caches](deploy-caches/index.md)

70
datacenter/dtr/2.5/admin/configure/use-a-load-balancer.md → datacenter/dtr/2.5/guides/admin/configure/use-a-load-balancer.md
View File

@ -15,38 +15,22 @@ This allows users to access DTR using a centralized domain name. If a replica
goes down, the load balancer can detect that and stop forwarding requests to
it, so that the failure goes unnoticed by users.
DTR exposes several endpoints you can use to assess if a DTR replica is healthy
or not:
* `/_ping`: Is an unauthenticated endpoint that checks if the DTR replica is
healthy. This is useful for load balancing or other automated health check tasks.
* `/nginx_status`: Returns the number of connections being handled by the
NGINX front-end used by DTR.
* `/api/v0/meta/cluster_status`: Returns extensive information about all DTR
replicas.
## Load balance DTR
## Load balancing DTR
DTR does not provide a load balancing service. You can use an on-premises
or cloud-based load balancer to balance requests across multiple DTR replicas.
> Additional load balancer requirements for UCP
>
> If you are also using UCP, there are [additional requirements](https://docs.docker.com/ee/ucp/admin/configure/join-nodes/use-a-load-balancer/#load-balancing-ucp-and-dtr) if you plan to load balance both UCP and DTR using the same load balancer.
>
>{: .important}
Make sure you configure your load balancer to:
You can use the unauthenticated `/_ping` endpoint on each DTR replica,
to check if the replica is healthy and if it should remain in the load balancing
pool or not.
* Load balance TCP traffic on ports 80 and 443
* Make sure the load balancer is not buffering requests
* Make sure the load balancer is forwarding the `Host` HTTP header correctly
* Make sure there's no timeout for idle connections, or set it to more than 10 minutes
* Use the unauthenticated `/_ping` endpoint (note the lack of an `/api/v0/` in
the path) on each DTR replica, to check if the replica is healthy and if it
should remain in the load balancing pool or not
Also, make sure you configure your load balancer to:
* Load balance TCP traffic on ports 80 and 443.
* Not terminate HTTPS connections.
* Not buffer requests.
* Forward the `Host` HTTP header correctly.
* Have no timeout for idle connections, or set it to more than 10 minutes.
## Health check endpoints
The `/_ping` endpoint returns a JSON object for the replica being queried of
the form:
@ -69,10 +53,38 @@ with more details on any one of these services:
* Metadata persistence (rethinkdb)
* Content trust (notary)
Note that this endpoint is for checking the health of a single replica. To get
This endpoint is for checking the health of a *single* replica. To get
the health of every replica in a cluster, querying each replica individually is
the preferred way to do it in real time.
The `/api/v0/meta/cluster_status`
[endpoint](../../../reference/api)
returns a JSON object for the entire cluster *as observed* by the replica being
queried, and it takes the form:
```json
{
"replica_health": {
"replica id": "OK",
"another replica id": "error message"
},
"replica_timestamp": {
"replica id": "2006-01-02T15:04:05Z07:00",
"another replica id": "2006-01-02T15:04:05Z07:00"
},
"(other fields go here)": "..."
}
```
Health statuses for the replicas is available in the `"replica_health"` object.
These statuses are taken from a cache which is last updated by each replica
individually at the time specified in the `"replica_timestamp"` object.
The response also contains information about the internal DTR storage state,
which is around 45 KB of data. This, combined with the fact that the endpoint
requires admin credentials, means it is not particularly appropriate for load
balance checks. Use `/_ping` instead for those kinds of checks.
## Configuration examples
@ -276,5 +288,5 @@ docker run --detach \
## Where to go next
- [Backups and disaster recovery](../disaster-recovery/index.md)
- [Monitor and troubleshoot](../monitor-and-troubleshoot/index.md)
* [Backups and disaster recovery](../backups-and-disaster-recovery.md)
* [DTR architecture](../../architecture.md)

18
datacenter/dtr/2.5/admin/configure/use-a-web-proxy.md → datacenter/dtr/2.5/guides/admin/configure/use-a-web-proxy.md
View File

@ -7,7 +7,7 @@ keywords: dtr, configure, http, proxy
Docker Trusted Registry makes outgoing connections to check for new versions,
automatically renew its license, and update its vulnerability database.
If DTR can't access the internet, then you'll have to manually apply updates.
If DTR can't access the internet, then you need to manually apply updates.
One option to keep your environment secure while still allowing DTR access to
the internet is to use a web proxy. If you have an HTTP or HTTPS proxy, you
@ -16,7 +16,7 @@ outside business peak hours.
As an administrator, log into a node where DTR is deployed, and run:
```bash
```
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} reconfigure \
--http-proxy http://<domain>:<port> \
@ -28,18 +28,6 @@ To confirm how DTR is configured, check the **Settings** page on the web UI.
![DTR settings](../../images/use-a-web-proxy-1.png){: .with-border}
If by chance the web proxy requires authentication you can submit the username
and password, in the command, as shown below:
```bash
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} reconfigure \
--http-proxy username:password@<domain>:<port> \
--https-proxy username:password@<doman>:<port> \
--ucp-insecure-tls
```
NOTE: DTR will hide the password portion of the URL, when it is displayed in the DTR UI.
## Where to go next
- [Configure garbage collection](garbage-collection.md)
* [Configure garbage collection](garbage-collection.md)

7
datacenter/dtr/2.5/admin/configure/use-your-own-tls-certificates.md → datacenter/dtr/2.5/guides/admin/configure/use-your-own-tls-certificates.md
View File

@ -4,10 +4,11 @@ description: Learn how to configure Docker Trusted Registry with your own TLS ce
keywords: dtr, tls
---
By default the DTR services are exposed using HTTPS, to ensure all
communications between clients and DTR is encrypted. Since DTR
replicas use self-signed certificates for this, when a client accesses
DTR, their browsers won't trust this certificate, so the browser displays a
DTR, their browsers don't trust this certificate, so the browser displays a
warning message.
You can configure DTR to use your own certificates, so that it is automatically
@ -36,9 +37,9 @@ Finally, click **Save** for the changes to take effect.
If you're using certificates issued by a globally trusted certificate authority,
any web browser or client tool should now trust DTR. If you're using an internal
certificate authority, you'll need to configure your system to trust that
certificate authority, configure your system to trust that
certificate authority.
## Where to go next
- [Set up external storage](external-storage/index.md)
* [Set up external storage](external-storage/index.md)

29
datacenter/dtr/2.5/admin/install/index.md → datacenter/dtr/2.5/guides/admin/install/index.md
View File

@ -2,9 +2,6 @@
title: Install Docker Trusted Registry
description: Learn how to install Docker Trusted Registry for production.
keywords: dtr, registry, install
redirect_from:
- /datacenter/dtr/2.3/guides/admin/install/
- /datacenter/dtr/2.5/guides/admin/install/
---
Docker Trusted Registry (DTR) is a containerized application that runs on a
@ -37,10 +34,10 @@ choose **Docker Trusted Registry**.
![](../../images/install-dtr-2.png){: .with-border}
After you configure all the options, you'll have a snippet that you can use
After you configure all the options, you have a snippet that you can use
to deploy DTR. It should look like this:
```bash
```none
# Pull the latest version of DTR
$ docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }}
@ -55,12 +52,7 @@ You can run that snippet on any node where Docker is installed. As an example
you can SSH into a UCP node and run the DTR installer from there. By default
the installer runs in interactive mode and prompts you for any additional
information that is necessary.
[Learn more about the installer](/reference/dtr/2.5/cli/install.md).
By default DTR is deployed with self-signed certificates, so your UCP deployment
might not be able to pull images from DTR.
Use the `--dtr-external-url <dtr-domain>:<port>` optional flag while deploying
DTR, so that UCP is automatically reconfigured to trust DTR.
[Learn more about the installer](../../../reference/cli/install.md).
## Step 4. Check that DTR is running
@ -91,11 +83,8 @@ After installing DTR, you should configure:
## Step 6. Test pushing and pulling
Now that you have a working installation of DTR, you should test that you can
push and pull images to it:
* [Configure your local Docker Engine](../../user/access-dtr/index.md)
* [Create a repository](../../user/manage-images/index.md)
* [Push and pull images](../../user/manage-images/pull-and-push-images.md)
push and pull images to it.
[Learn how to push and pull images](../../user/manage-images/pull-and-push-images.md).
## Step 7. Join replicas to the cluster
@ -121,7 +110,7 @@ To add replicas to a DTR cluster, use the `docker/dtr join` command:
Then run:
```bash
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} join \
--ucp-node <ucp-node-name> \
@ -136,7 +125,7 @@ To add replicas to a DTR cluster, use the `docker/dtr join` command:
![](../../images/install-dtr-6.png){: .with-border}
## Where to go next
## See also
- [Install DTR offline](install-offline.md)
- [Upgrade DTR](../upgrade.md)
* [Install DTR offline](install-offline.md)
* [Upgrade DTR](../upgrade.md)

6
datacenter/dtr/2.5/admin/install/install-offline.md → datacenter/dtr/2.5/guides/admin/install/install-offline.md
View File

@ -15,7 +15,7 @@ all the images. Then you copy that package to the host where youll install DT
## Versions available
{% include components/ddc_url_list_2.html product="dtr" version="2.5" %}
{% include components/ddc_url_list_2.html product="dtr" version="2.4" %}
## Download the offline package
@ -66,5 +66,5 @@ disable or not use any or all of these features on the admin settings page.
## Where to go next
- [DTR architecture](../../architecture.md)
- [Install DTR](index.md)
* [DTR architecture](../../architecture.md)
* [Install DTR](index.md)

26
datacenter/dtr/2.5/admin/install/system-requirements.md → datacenter/dtr/2.5/guides/admin/install/system-requirements.md
View File

@ -7,29 +7,13 @@ keywords: DTR, architecture, requirements
Docker Trusted Registry can be installed on-premises or on the cloud.
Before installing, be sure your infrastructure has these requirements.
## Hardware and Software requirements
## Software requirements
You can install DTR on-premises or on a cloud provider. To install DTR,
all nodes must:
* Be a worker node managed by Universal Control Plane.
* Have a fixed hostname.
### Minimum requirements
* 8GB of RAM for nodes running DTR
* 2 vCPUs for nodes running DTR
* 10GB of free disk space
### Recommended production requirements
* 16GB of RAM for nodes running DTR
* 4 vCPUs for nodes running DTR
* 25-100GB of free disk space
Note that Windows container images are typically larger than Linux ones and for
this reason, you should consider provisioning more local storage for Windows
nodes and for DTR setups that will store Windows container images.
## Ports used
When installing DTR on a node, make sure the following ports are open on that
@ -52,7 +36,11 @@ Docker Enterprise Edition is a software subscription that includes three product
[Learn more about the maintenance lifecycle for these products](https://success.docker.com/article/Compatibility_Matrix).
## Hardware requirements
Hardware requirements for DTR nodes are found at [UCP Hardware requirement](/datacenter/ucp/2.2/guides/admin/install/system-requirements.md)
## Where to go next
- [DTR architecture](../../architecture.md)
- [Install DTR](index.md)
* [DTR architecture](../../architecture.md)
* [Install DTR](index.md)

31
datacenter/dtr/2.5/guides/admin/install/uninstall.md Normal file
View File

@ -0,0 +1,31 @@
---
title: Uninstall Docker Trusted Registry
description: Learn how to uninstall your Docker Trusted Registry installation.
keywords: dtr, install, uninstall
---
Uninstalling DTR can be done by simply removing all data associated with each
replica. To do that, you just run the remove command once per replica and destroy the last one :
```none
docker run -it --rm \
docker/dtr:{{ page.dtr_version }} remove \
--ucp-insecure-tls
```
```none
docker run -it --rm \
docker/dtr:{{ page.dtr_version }} destroy \
--ucp-insecure-tls
```
You will be prompted for the UCP URL, UCP credentials, and which replica to
remove/destroy.
To see what options are available in the remove/destroy commands, check the
[remove command reference documentation](../../../reference/cli/remove.md) and [destroy command reference documentation](../../../reference/cli/destroy.md).
## Where to go next
* [Scale your deployment](../configure/set-up-high-availability.md)
* [Install DTR](index.md)

12
datacenter/dtr/2.5/admin/manage-users/create-and-manage-orgs.md → datacenter/dtr/2.5/guides/admin/manage-users/create-and-manage-orgs.md
View File

@ -23,25 +23,25 @@ organization.
![](../../images/create-and-manage-orgs-2.png){: .with-border}
Repositories owned by this organization will contain the organization name, so
to pull an image from that repository, you'll use:
to pull an image from that repository, use:
```bash
docker pull <dtr-domain-name>/<organization>/<repository>:<tag>
$ docker pull <dtr-domain-name>/<organization>/<repository>:<tag>
```
Click **Save** to create the organization, and then **click the organization**
to define which users are allowed to manage this
organization. These users will be able to edit the organization settings, edit
organization. These users can edit the organization settings, edit
all repositories owned by the organization, and define the user permissions for
this organization.
For this, click the **Add user** button, **select the users** that you want to
grant permissions to manage the organization, and click
**Save**. Then change their permissions from 'Member' to **Org Owner**.
**Save**. Then change their permissions from 'Member' to **Admin**.
![](../../images/create-and-manage-orgs-3.png){: .with-border}
## Where to go next
- [Create and manage users](create-and-manage-users.md)
- [Create and manage teams](create-and-manage-teams.md)
* [Create and manage users](create-and-manage-users.md)
* [Create and manage teams](create-and-manage-teams.md)

21
datacenter/dtr/2.5/admin/manage-users/create-and-manage-teams.md → datacenter/dtr/2.5/guides/admin/manage-users/create-and-manage-teams.md
View File

@ -12,13 +12,13 @@ defines the permissions a set of users have for a set of repositories.
To create a new team, go to the **DTR web UI**, and navigate to the
**Organizations** page.
Then **click the organization** where you want to create the team. In this
example, we'll create the 'billing' team under the 'whale' organization.
example, we create the 'billing' team under the 'whale' organization.
![organization](../../images/create-and-manage-teams-1.png){: .with-border}
![](../../images/create-and-manage-teams-1.png){: .with-border}
Click '**+**' to create a new team, and give it a name.
![create team](../../images/create-and-manage-teams-2.png){: .with-border}
![](../../images/create-and-manage-teams-2.png){: .with-border}
## Add users to a team
@ -26,7 +26,7 @@ Once you have created a team, **click the team** name, to manage its settings.
The first thing we need to do is add users to the team. Click the **Add user**
button and add users to the team.
![add users](../../images/create-and-manage-teams-3.png){: .with-border}
![](../../images/create-and-manage-teams-3.png){: .with-border}
## Manage team permissions
@ -34,7 +34,7 @@ The next step is to define the permissions this team has for a set of
repositories. Navigate to the **Repositories** tab, and click the
**Add repository** button.
![manage permissions](../../images/create-and-manage-teams-4.png){: .with-border}
![](../../images/create-and-manage-teams-4.png){: .with-border}
Choose the repositories this team has access to, and what permission levels the
team members have.
@ -49,14 +49,7 @@ There are three permission levels available:
| Read & Write | View repository, pull and push images. |
| Admin | Manage repository and change its settings, pull and push images. |
## Delete a team
If you're an organization owner, you can delete a team in that organization.
Navigate to the **Team**, choose the **Settings** tab, and click **Delete**.
![delete team](../../images/create-and-manage-teams-6.png){: .with-border}
## Where to go next
- [Create and manage users](create-and-manage-users.md)
- [Permission levels](permission-levels.md)
* [Create and manage users](create-and-manage-users.md)
* [Permission levels](permission-levels.md)

5
datacenter/dtr/2.5/admin/manage-users/create-and-manage-users.md → datacenter/dtr/2.5/guides/admin/manage-users/create-and-manage-users.md
View File

@ -6,7 +6,6 @@ keywords: registry, security, permissions, users
When using the built-in authentication, you can create users
to grant them fine-grained permissions.
Users are shared across UCP and DTR. When you create a new user in
Docker Universal Control Plane, that user becomes available in DTR and vice
versa.
@ -25,5 +24,5 @@ for the user to be a UCP and DTR administrator.
## Where to go next
- [Authentication and authorization](index.md)
- [Create and manage teams](create-and-manage-teams.md)
* [Authentication and authorization](index.md)
* [Create and manage teams](create-and-manage-teams.md)

2
datacenter/dtr/2.5/admin/manage-users/index.md → datacenter/dtr/2.5/guides/admin/manage-users/index.md
View File

@ -53,4 +53,4 @@ and pull images from the whale/java repository.
## Where to go next
- [Create and manage users](create-and-manage-users.md)
* [Create and manage users](create-and-manage-users.md)

8
datacenter/dtr/2.5/admin/manage-users/permission-levels.md → datacenter/dtr/2.5/guides/admin/manage-users/permission-levels.md
View File

@ -42,11 +42,13 @@ have the highest permission level defined by those teams.
Here's an overview of the permission levels available in DTR:
* Anonymous users: Can search and pull public repositories.
* Users: Can search and pull public repos, and create and manage their own repositories.
* Users: Can search and pull public repos, and create and manage their own
repositories.
* Team member: Everything a user can do, plus the permissions granted by the teams the user is member of.
* Organization owner: Can manage repositories and teams for the organization.
* Team admin: Everything a team member can do, and can also add members to the team.
* Organization admin: Everything a team admin can do, can create new teams, and add members to the organization.
* Admin: Can manage anything across UCP and DTR.
## Where to go next
- [Authentication and authorization](index.md)
* [Authentication and authorization](index.md)

35
datacenter/dtr/2.5/admin/monitor-and-troubleshoot/index.md → datacenter/dtr/2.5/guides/admin/monitor-and-troubleshoot/index.md
View File

@ -26,7 +26,7 @@ cause of the problem.
![](../../images/monitor-3.png){: .with-border}
## Health check endpoints
## Health checks
DTR also exposes several endpoints you can use to assess if a DTR replica
is healthy or not:
@ -39,37 +39,6 @@ NGINX front-end used by DTR.
* `/api/v0/meta/cluster_status`: Returns extensive information about all DTR
replicas.
## Cluster status
The `/api/v0/meta/cluster_status` [endpoint](/reference/dtr/2.5/api/)
requires administrator credentials, and returns a JSON object for the entire
cluster as observed by the replica being queried. You can authenticate your
requests using HTTP basic auth.
```bash
curl -ksL -u <user>:<pass> https://<dtr-domain>/api/v0/meta/cluster_status
```
```json
{
"current_issues": [
{
"critical": false,
"description": "... some replicas are not ready. The following servers are
not reachable: dtr_rethinkdb_f2277ad178f7",
}],
"replica_health": {
"f2277ad178f7": "OK",
"f3712d9c419a": "OK",
"f58cf364e3df": "OK"
},
}
```
You can find health status on the `current_issues` and `replica_health` arrays.
If this endpoint doesn't provide meaningful information when trying to
troubleshoot, try [troubleshooting using logs](troubleshoot-with-logs.md).
## Where to go next
- [Troubleshoot with logs](troubleshoot-with-logs.md)
* [Troubleshoot with logs](troubleshoot-with-logs.md)

5
datacenter/dtr/2.5/admin/monitor-and-troubleshoot/notary-audit-logs.md → datacenter/dtr/2.5/guides/admin/monitor-and-troubleshoot/notary-audit-logs.md
View File

@ -258,10 +258,9 @@ export TOKEN=$(curl --insecure --silent \
'https://<dtr-url>/auth/token?realm=dtr&service=dtr&scope=repository:<dtr-url>/<repository>:pull' | jq --raw-output .token)
# Get audit logs for all repositories and pretty-print it
# If you pushed the image less than 60 seconds ago, it's possible that
# Docker Content Trust won't show any events. Retry the command after a while.
# If you pushed the image less than 60 seconds ago, Docker Content Trust may not
# show any events. Retry the command after a while.
curl --insecure --silent \
--header "Authorization: Bearer $TOKEN" \
"https://<dtr-url>/v2/<dtr-url>/<dtr-repo>/_trust/changefeed?records=10&change_id=0" | jq .
```

17
datacenter/dtr/2.5/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md → datacenter/dtr/2.5/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md
View File

@ -39,10 +39,6 @@ DTR has several types of jobs.
| Job | Description |
|:------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| gc | Garbage collection job that deletes layers associated with deleted images |
| onlinegc | Garbage collection job that deletes layers associated with deleted images without putting the registry in read only mode |
| onlinegc_metadata | Garbage collection job that deletes metadata associated with deleted images|
| onlinegc_joblogs | Garbage collection job that deletes job logs based on a set job history setting |
| metadatastoremigration | metadatastoremigration is a necessary migration that enables the online gc feature |
| sleep | Sleep is used to test the correctness of the jobrunner. It sleeps for 60 seconds |
| false | False is used to test the correctness of the jobrunner. It runs the `false` command and immediately fails |
| tagmigration | Tag migration is used to synchronize tag and manifest information between the DTR database and the storage backend. |
@ -52,9 +48,6 @@ DTR has several types of jobs.
| scan_check_single | A security scanning job for a particular layer given by the `parameter: SHA256SUM`. This job breaks up the layer into components and checks each component for vulnerabilities |
| scan_check_all | A security scanning job that updates all of the currently scanned images to display the latest vulnerabilities |
| update_vuln_db | A job that is created to update DTR's vulnerability database. It uses an Internet connection to check for database updates through `https://dss-cve-updates.docker.com/` and updates the `dtr-scanningstore` container if there is a new update available |
| scannedlayermigration | scannedlayermigration is a 2.4 to 2.5 upgrade process that restructures scanned image data |
| push_mirror_tag | A job that pushes a tag to another registry after a push mirror policy has been evaluated |
| poll_mirror | A global cron that evaluates poll mirroring policies |
| webhook | A job that is used to dispatch a webhook payload to a single endpoint |
## Job status
@ -68,7 +61,7 @@ Jobs can be in one of the following status:
| done | The job has successfully completed |
| error | The job has completed with errors |
| cancel_request | The worker monitors the job statuses in the database. If the status for a job changes to `cancel_request`, the worker will cancel the job |
| cancel | The job has been canceled and not fully executed |
| cancel | The job has been cancelled and not fully executed |
| deleted | The job and logs have been removed |
| worker_dead | The worker for this job has been declared `dead` and the job will not continue |
| worker_shutdown | The worker that was running this job has been gracefully stopped |
@ -76,8 +69,8 @@ Jobs can be in one of the following status:
## Job capacity
Each job runner has a limited capacity and won't claim jobs that require an
higher capacity. You can see the capacity of a job runner using the
Each job runner has a limited capacity and doesn't claim jobs that require a
higher capacity. You can see the capacity of a job runner using the
`GET /api/v0/workers` endpoint:
```json
@ -131,8 +124,8 @@ are available:
}
```
Our worker will be able to pick up job id `0` and `2` since it has the capacity
for both, while id `1` will have to wait until the previous scan job is complete:
Our worker can pick up job id `0` and `2` since it has the capacity
for both, while id `1` needs to wait until the previous scan job is complete:
```json
{

4
datacenter/dtr/2.5/admin/monitor-and-troubleshoot/troubleshoot-with-logs.md → datacenter/dtr/2.5/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs.md
View File

@ -122,7 +122,7 @@ Warning: The following replicas are unhealthy: 59e4e9b0a254; Reasons: Replica re
To fix this, you should remove the unhealthy replica from the DTR cluster,
and join a new one. Start by running:
```bash
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} remove \
--ucp-insecure-tls
@ -130,7 +130,7 @@ docker run -it --rm \
And then:
```bash
```none
docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} join \
--ucp-node <ucp-node-name> \

27
datacenter/dtr/2.5/admin/upgrade.md → datacenter/dtr/2.5/guides/admin/upgrade.md
View File

@ -4,7 +4,7 @@ description: Learn how to upgrade your Docker Trusted Registry
keywords: dtr, upgrade, install
---
{% assign previous_version="2.4" %}
{% assign previous_version="2.3" %}
DTR uses [semantic versioning](http://semver.org/) and we aim to achieve specific
guarantees while upgrading between versions. We never support downgrading. We
@ -15,8 +15,8 @@ support upgrades according to the following rules:
* When upgrading between minor versions, you can't skip versions, but you can
upgrade from any patch versions of the previous minor version to any patch
version of the current minor version.
* When upgrading between major versions you also have to upgrade one major
version at a time, but you have to upgrade to the earliest available minor
* When upgrading between major versions you also need to upgrade one major
version at a time, but you need to upgrade to the earliest available minor
version. We also strongly recommend upgrading to the latest minor/patch
version for your major version first.
@ -42,8 +42,8 @@ to ensure the impact on your business is close to none.
Before starting your upgrade, make sure that:
* The version of UCP you are using is supported by the version of DTR you
are trying to upgrade to. [Check the compatibility matrix](https://success.docker.com/Policies/Compatibility_Matrix).
* You have a recent [DTR backup](disaster-recovery/create-a-backup.md).
* You [disable Docker content trust in UCP](/ee/ucp/admin/configure/run-only-the-images-you-trust/).
* You have a recent [DTR backup](backups-and-disaster-recovery.md).
* You [disable Docker content trust in UCP](/datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust.md).
### Step 1. Upgrade DTR to {{ previous_version }} if necessary
@ -54,8 +54,8 @@ Make sure you're running DTR {{ previous_version }}. If that's not the case,
Then pull the latest version of DTR:
```bash
docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }}
```none
$ docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }}
```
If the node you're upgrading doesn't have access to the internet, you can
@ -65,15 +65,15 @@ to get the images.
Once you have the latest image on your machine (and the images on the target
nodes if upgrading offline), run the upgrade command:
```bash
docker run -it --rm \
```none
$ docker run -it --rm \
{{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} upgrade \
--ucp-insecure-tls
```
By default the upgrade command runs in interactive mode and prompts you for
any necessary information. You can also check the
[reference documentation](/reference/dtr/2.5/cli/index.md) for other existing flags.
[reference documentation](../../reference/cli/index.md) for other existing flags.
The upgrade command will start replacing every container in your DTR cluster,
one replica at a time. It will also perform certain data migrations. If anything
@ -85,11 +85,6 @@ command and it will resume from where it left off.
A patch upgrade changes only the DTR containers and it's always safer than a minor
upgrade. The command is the same as for a minor upgrade.
## Download the vulnerability database
After upgrading DTR, you need to re-download the vulnerability database.
[Learn how to update your vulnerability database](configure/set-up-vulnerability-scans.md#update-the-cve-scanning-database).
## Where to go next
- [Release notes](../release-notes.md)
* [Release notes](../release-notes.md)

0
datacenter/dtr/2.5/architecture.md → datacenter/dtr/2.5/guides/architecture.md
View File

47
datacenter/dtr/2.5/guides/images/Makefile Normal file
View File

@ -0,0 +1,47 @@
SIZE="1280px"
HOST=dtr.domain.com
HOSTIP:=192.168.18.131
HOSTURL=https://$(HOST)
IMAGE=svendowideit/screenshot
#IMAGE=screenshot
RUNOPTS=docker run --rm -v $(CURDIR):/srv --add-host $(HOST):$(HOSTIP)
RUN=$(RUNOPTS) $(IMAGE)
all:
# Needs to be run with no authentication
$(RUN) $(HOSTURL)/admin/ admin-metrics.png $(SIZE)
$(RUN) $(HOSTURL)/admin/logs/ admin-logs.png $(SIZE)
$(RUN) $(HOSTURL)/admin/settings/auth/ admin-settings-authentication.png $(SIZE)
$(RUN) $(HOSTURL)/admin/settings/general admin-settings.png $(SIZE)
$(RUN) $(HOSTURL)/admin/settings/security admin-settings-security.png $(SIZE)
$(RUN) $(HOSTURL)/admin/settings/storage admin-settings-storage.png $(SIZE)
$(RUN) $(HOSTURL)/admin/settings/license admin-settings-license.png $(SIZE)
manual:
# --env-file=passwords.env
$(RUNOPTS) --env-file=passwords.env \
$(IMAGE) \
$(HOSTURL)/admin/settings#auth admin-settings-authentication-basic.png $(SIZE)
#admin-settings-authentication-ldap.png
# TODO: needs manual intervention atm
qs1:
# this requires the hostname to resolve.
echo "$HOST $HOSTIP" >> /etc/hosts
# and requires that host to be added to the docker daemon's insecure registry settings
# maybe use a dind daemon?
docker pull jenkins
docker tag -f jenkins t400s.home.org.au/ci-infrastructure/jnkns-img
docker push t400s.home.org.au/ci-infrastructure/jnkns-img
sleep 1
$(RUN) $(HOSTURL)/admin/ console-push.png $(SIZE)
sleep 10
qs2:
docker rmi jenkins t400s.home.org.au/ci-infrastructure/jnkns-img
docker pull t400s.home.org.au/ci-infrastructure/jnkns-img
sleep 1
$(RUN) $(HOSTURL)/admin/ console-pull.png $(SIZE)

0
datacenter/dtr/2.5/images/admin-logs.png → datacenter/dtr/2.5/guides/images/admin-logs.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 161 KiB

After

Width:  |  Height:  |  Size: 161 KiB

0
datacenter/dtr/2.5/images/admin-metrics.png → datacenter/dtr/2.5/guides/images/admin-metrics.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 136 KiB

After

Width:  |  Height:  |  Size: 136 KiB

BIN
datacenter/dtr/2.5/guides/images/admin-settings-auth.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 84 KiB

0
datacenter/dtr/2.5/images/admin-settings-authentication-basic.png → datacenter/dtr/2.5/guides/images/admin-settings-authentication-basic.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 107 KiB

After

Width:  |  Height:  |  Size: 107 KiB

0
datacenter/dtr/2.5/images/admin-settings-authentication-ldap.png → datacenter/dtr/2.5/guides/images/admin-settings-authentication-ldap.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 130 KiB

After

Width:  |  Height:  |  Size: 130 KiB

0
datacenter/dtr/2.5/images/admin-settings-authentication.png → datacenter/dtr/2.5/guides/images/admin-settings-authentication.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 64 KiB

After

Width:  |  Height:  |  Size: 64 KiB

0
datacenter/dtr/2.5/images/admin-settings-license.png → datacenter/dtr/2.5/guides/images/admin-settings-license.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 78 KiB

BIN
datacenter/dtr/2.5/guides/images/admin-settings-license2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

0
datacenter/dtr/2.5/images/admin-settings-security.png → datacenter/dtr/2.5/guides/images/admin-settings-security.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 94 KiB

After

Width:  |  Height:  |  Size: 94 KiB

BIN
datacenter/dtr/2.5/guides/images/admin-settings-storage-azure.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
datacenter/dtr/2.5/guides/images/admin-settings-storage-s3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 161 KiB

0
datacenter/dtr/2.5/images/admin-settings-storage.png → datacenter/dtr/2.5/guides/images/admin-settings-storage.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 97 KiB

0
datacenter/dtr/2.5/images/admin-settings.png → datacenter/dtr/2.5/guides/images/admin-settings.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 57 KiB

After

Width:  |  Height:  |  Size: 57 KiB

0
datacenter/dtr/2.5/images/architecture-1.svg → datacenter/dtr/2.5/guides/images/architecture-1.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.2 KiB

After

Width:  |  Height:  |  Size: 5.2 KiB

0
datacenter/dtr/2.5/images/architecture-2.svg → datacenter/dtr/2.5/guides/images/architecture-2.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 17 KiB

After

Width:  |  Height:  |  Size: 17 KiB

79
datacenter/dtr/2.5/images/architecture-3.svg → datacenter/dtr/2.5/guides/images/architecture-3.svg
View File

@ -1,82 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="350px" viewBox="0 0 740 350" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 48.2 (47327) - http://www.bohemiancoding.com/sketch -->
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 44.1 (41455) - http://www.bohemiancoding.com/sketch -->
<title>architecture-3</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
<circle id="path-2" cx="4" cy="4" r="4"></circle>
<circle id="path-3" cx="4" cy="4" r="4"></circle>
<circle id="path-4" cx="31" cy="4" r="4"></circle>
<circle id="path-5" cx="31" cy="4" r="4"></circle>
<circle id="path-6" cx="31" cy="4" r="4"></circle>
</defs>
<g id="dtr-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="architecture-3">
<g id="group" transform="translate(154.000000, 18.000000)">
<g id="object-storage" transform="translate(34.000000, 235.000000)">
<rect id="node-border" fill="#445D6E" x="0" y="0" width="365" height="80" rx="2"></rect>
<text font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#F7F8F9">
<tspan x="131.921387" y="44">shared object storage</tspan>
</text>
</g>
<g id="group" transform="translate(93.000000, 3.000000)">
<g id="dtr">
<text id="DTR-cluster" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="7.025" y="206.009524">DTR cluster</tspan>
<tspan x="7.025" y="236.009524">DTR cluster</tspan>
</text>
<g id="arrows-copy" transform="translate(104.000000, 166.000000)">
<g id="arrow-copy-2" transform="translate(218.500000, 37.000000) rotate(-90.000000) translate(-218.500000, -37.000000) translate(182.000000, 33.000000)">
<path d="M2,4 L73,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-1"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-3" transform="translate(111.500000, 37.000000) rotate(-90.000000) translate(-111.500000, -37.000000) translate(75.000000, 33.000000)">
<path d="M2,4 L73,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-2"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-4" transform="translate(4.500000, 37.000000) rotate(-90.000000) translate(-4.500000, -37.000000) translate(-32.000000, 33.000000)">
<path d="M2,4 L73,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-3"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
</g>
<g id="network" transform="translate(33.000000, 23.000000)">
<g id="network" transform="translate(33.000000, 178.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="366" height="22" rx="2"></rect>
<text id="overlay-network" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="146.05127" y="15">overlay network</tspan>
</text>
</g>
<g id="arrows" transform="translate(104.000000, 42.000000)">
<g id="arrow-copy-2" transform="translate(218.500000, 18.000000) rotate(-90.000000) translate(-218.500000, -18.000000) translate(201.000000, 14.000000)">
<path d="M0,4 L31,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrows" transform="translate(104.000000, 147.000000)">
<g id="arrow-copy-2" transform="translate(218.500000, 17.000000) rotate(-90.000000) translate(-218.500000, -17.000000) translate(202.000000, 13.000000)">
<path d="M2,4 L33,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-4"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="31" cy="4" r="5"></circle>
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-1"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-3" transform="translate(111.500000, 18.000000) rotate(-90.000000) translate(-111.500000, -18.000000) translate(94.000000, 14.000000)">
<path d="M0,4 L31,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrow-copy-3" transform="translate(111.500000, 17.000000) rotate(-90.000000) translate(-111.500000, -17.000000) translate(95.000000, 13.000000)">
<path d="M2,4 L33,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-5"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="31" cy="4" r="5"></circle>
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-2"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-4" transform="translate(4.500000, 18.000000) rotate(-90.000000) translate(-4.500000, -18.000000) translate(-13.000000, 14.000000)">
<path d="M0,4 L31,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrow-copy-4" transform="translate(4.500000, 17.000000) rotate(-90.000000) translate(-4.500000, -17.000000) translate(-12.000000, 13.000000)">
<path d="M2,4 L33,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-6"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="31" cy="4" r="5"></circle>
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-3"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
</g>
<g id="nodes" transform="translate(60.000000, 70.000000)">
<g id="nodes" transform="translate(60.000000, 45.000000)">
<g id="node-3" transform="translate(214.000000, 0.000000)">
<g id="node">
<g id="node-label">
@ -165,7 +133,14 @@
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="0" y="0" width="433" height="216" rx="2"></rect>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="0" y="0" width="433" height="245" rx="2"></rect>
</g>
<g id="object-storage" transform="translate(457.000000, 45.000000)">
<rect id="node-border" fill="#445D6E" x="0" y="0" width="97" height="102" rx="2"></rect>
<text font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#F7F8F9">
<tspan x="34.7006836" y="48">object</tspan>
<tspan x="31.4633789" y="62">storage</tspan>
</text>
</g>
</g>
</g>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 11 KiB

0
datacenter/dtr/2.5/images/architecture-4.svg → datacenter/dtr/2.5/guides/images/architecture-4.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

0
datacenter/dtr/2.5/images/authentication-authorization-1.svg → datacenter/dtr/2.5/guides/images/authentication-authorization-1.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

BIN
datacenter/dtr/2.5/guides/images/aws-dtr-sg-rules.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

0
datacenter/dtr/2.5/images/aws-engine-sg-rules.png → datacenter/dtr/2.5/guides/images/aws-engine-sg-rules.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 54 KiB

After

Width:  |  Height:  |  Size: 54 KiB

BIN
datacenter/dtr/2.5/guides/images/aws-instance-id.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 225 KiB

BIN
datacenter/dtr/2.5/guides/images/azure_filter.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 87 KiB

BIN
datacenter/dtr/2.5/guides/images/azure_ip.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

BIN
datacenter/dtr/2.5/guides/images/azure_portal.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
datacenter/dtr/2.5/guides/images/basic_configuration.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

44
datacenter/dtr/2.5/guides/images/cache-docker-images-1.svg Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="178px" viewBox="0 0 740 178" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 42 (36781) - http://www.bohemiancoding.com/sketch -->
<title>content-cache-1</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="dtr-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="content-cache-1">
<g id="Group" transform="translate(263.000000, 15.000000)">
<g id="lines" transform="translate(29.000000, 36.000000)" stroke="#E0E4E7" stroke-linecap="round" stroke-linejoin="round">
<path d="M151.042505,74.0425047 L77.5,0.5" id="Line"></path>
<path d="M77.5,77.5 L77.5,0.5" id="Line-Copy-3"></path>
<path d="M0.440812521,76.5591875 L76.5,0.5" id="Line-Copy"></path>
</g>
<g id="L1" transform="translate(0.000000, 88.000000)">
<g id="cache-3" transform="translate(155.000000, 0.000000)">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-AS" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="8.74023437" y="34">cache AS</tspan>
</text>
</g>
<g id="cache-2" transform="translate(77.000000, 0.000000)">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-EU" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="8.29345703" y="34">cache EU</tspan>
</text>
</g>
<g id="cache-1">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-US" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="8.33496094" y="34">cache US</tspan>
</text>
</g>
</g>
<g id="dtr" transform="translate(71.000000, 0.000000)">
<circle id="Oval-2" fill="#1488C6" cx="36" cy="36" r="36"></circle>
<text id="DTR" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="26.3051758" y="40">DTR</tspan>
</text>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.7 KiB

BIN
datacenter/dtr/2.5/guides/images/cache-docker-images-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 123 KiB

184
datacenter/ucp/3.0/images/ucp-architecture-2.svg → datacenter/dtr/2.5/guides/images/cache-docker-images-2.svg
View File

@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 40.1 (33804) - http://www.bohemiancoding.com/sketch -->
<title>architecture-2</title>
<!-- Generator: Sketch 42 (36781) - http://www.bohemiancoding.com/sketch -->
<title>content-cache-2</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="architecture-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="architecture-2">
<text id="Docker-swarm" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="178.025" y="239.009524">Docker swarm</tspan>
<g id="dtr-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="content-cache-2">
<text id="UCP-cluster" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="145.025" y="239.009524">UCP cluster</tspan>
</text>
<g id="nodes" transform="translate(215.000000, 15.000000)">
<g id="workers" transform="translate(53.000000, 118.000000)">
<g id="node-1">
<g id="cache" transform="translate(53.000000, 112.000000)">
<g id="node-2" transform="translate(107.000000, 0.000000)">
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#445D6E" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
@ -22,8 +22,8 @@
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker-Enterprise-Engine" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="24" y="15">Docker EE</tspan>
<text id="Docker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="31.4838867" y="15">Docker</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
@ -32,18 +32,18 @@
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="app" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-worker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="20.4755859" y="15">UCP worker</tspan>
<g id="dtr" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="DTR-cache" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="23.7836914" y="15">DTR cache</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy-3" transform="translate(107.000000, 0.000000)">
<g id="node-1">
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#445D6E" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
@ -51,8 +51,8 @@
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker-Enterprise-Engine" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="24" y="15">Docker EE</tspan>
<text id="Docker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="31.4838867" y="15">Docker</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
@ -61,29 +61,87 @@
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="app" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-worker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="20.4755859" y="15">UCP worker</tspan>
<g id="dtr" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="DTR-cache" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="23.7836914" y="15">DTR cache</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
<g id="managers">
<g id="dtr">
<g id="node-3" transform="translate(214.000000, 0.000000)">
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="31.4838867" y="15">Docker</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-agent" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="dtr" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="DTR" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.4980469" y="15">DTR</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-2" transform="translate(107.000000, 0.000000)">
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="31.4838867" y="15">Docker</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-agent" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="dtr" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="DTR" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.4980469" y="15">DTR</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1">
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#445D6E" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker-Enterprise-Engine" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="24" y="15">Docker EE</tspan>
<text id="Docker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="31.4838867" y="15">Docker</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
@ -92,75 +150,17 @@
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="app" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-manager" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0297852" y="15">UCP manager</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy" transform="translate(107.000000, 0.000000)">
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#445D6E" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker-Enterprise-Engine" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="24" y="15">Docker EE</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-agent" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="app" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-manager" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0297852" y="15">UCP manager</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy-2" transform="translate(214.000000, 0.000000)">
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#445D6E" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="engine" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="Docker-Enterprise-Engine" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="24" y="15">Docker EE</tspan>
</text>
</g>
<g id="ucp" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#1488C6" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-agent" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="23.7373047" y="15">UCP agent</tspan>
</text>
</g>
<g id="app" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#00B6B5" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-manager" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0297852" y="15">UCP manager</tspan>
<g id="dtr" transform="translate(1.000000, 33.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="DTR" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.4980469" y="15">DTR</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
</g>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="169" y="3" width="401" height="245" rx="2"></rect>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="140" y="3" width="460" height="245" rx="2"></rect>
</g>
</g>
</svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
datacenter/dtr/2.5/guides/images/cache-docker-images-3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 121 KiB

BIN
datacenter/dtr/2.5/guides/images/cache-docker-images-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

53
datacenter/dtr/2.5/guides/images/chaining-1.svg Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 42 (36781) - http://www.bohemiancoding.com/sketch -->
<title>chaining-1</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="dtr-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="chaining-1">
<g id="Group" transform="translate(263.000000, 13.000000)">
<g id="lines" transform="translate(29.000000, 36.000000)" stroke="#E0E4E7" stroke-linecap="round" stroke-linejoin="round">
<path d="M157.5,187.5 L157.5,110.5" id="Line-Copy-2"></path>
<path d="M151.042505,74.0425047 L77.5,0.5" id="Line"></path>
<path d="M77.5,77.5 L77.5,0.5" id="Line-Copy-3"></path>
<path d="M0.440812521,76.5591875 L76.5,0.5" id="Line-Copy"></path>
</g>
<g id="L2" transform="translate(155.000000, 164.000000)">
<g id="cache-1">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-CH" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="7.87109375" y="34">cache CH</tspan>
</text>
</g>
</g>
<g id="L1" transform="translate(0.000000, 88.000000)">
<g id="cache-3" transform="translate(155.000000, 0.000000)">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-AS" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="8.74023437" y="34">cache AS</tspan>
</text>
</g>
<g id="cache-2" transform="translate(77.000000, 0.000000)">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-EU" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="8.29345703" y="34">cache EU</tspan>
</text>
</g>
<g id="cache-1">
<circle id="Oval-2" fill="#1488C6" cx="30" cy="30" r="30"></circle>
<text id="cache-US" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="8.33496094" y="34">cache US</tspan>
</text>
</g>
</g>
<g id="dtr" transform="translate(71.000000, 0.000000)">
<circle id="Oval-2" fill="#1488C6" cx="36" cy="36" r="36"></circle>
<text id="DTR" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#FFFFFF">
<tspan x="26.3051758" y="40">DTR</tspan>
</text>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.3 KiB

83
datacenter/dtr/2.5/images/configure-external-storage-1.svg → datacenter/dtr/2.5/guides/images/configure-external-storage-1.svg
View File

@ -1,82 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="350px" viewBox="0 0 740 350" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 48.2 (47327) - http://www.bohemiancoding.com/sketch -->
<title>configure-external-storage-1</title>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 44.1 (41455) - http://www.bohemiancoding.com/sketch -->
<title>architecture-3</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
<circle id="path-2" cx="4" cy="4" r="4"></circle>
<circle id="path-3" cx="4" cy="4" r="4"></circle>
<circle id="path-4" cx="31" cy="4" r="4"></circle>
<circle id="path-5" cx="31" cy="4" r="4"></circle>
<circle id="path-6" cx="31" cy="4" r="4"></circle>
</defs>
<g id="dtr-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="configure-external-storage-1">
<g id="group" transform="translate(154.000000, 18.000000)">
<g id="object-storage" transform="translate(34.000000, 235.000000)">
<rect id="node-border" fill="#445D6E" x="0" y="0" width="365" height="80" rx="2"></rect>
<text font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#F7F8F9">
<tspan x="131.921387" y="44">shared object storage</tspan>
</text>
</g>
<g id="architecture-3">
<g id="group" transform="translate(93.000000, 3.000000)">
<g id="dtr">
<text id="DTR-cluster" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="7.025" y="206.009524">DTR cluster</tspan>
<tspan x="7.025" y="236.009524">DTR cluster</tspan>
</text>
<g id="arrows-copy" transform="translate(104.000000, 166.000000)">
<g id="arrow-copy-2" transform="translate(218.500000, 37.000000) rotate(-90.000000) translate(-218.500000, -37.000000) translate(182.000000, 33.000000)">
<path d="M2,4 L73,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-1"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-3" transform="translate(111.500000, 37.000000) rotate(-90.000000) translate(-111.500000, -37.000000) translate(75.000000, 33.000000)">
<path d="M2,4 L73,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-2"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-4" transform="translate(4.500000, 37.000000) rotate(-90.000000) translate(-4.500000, -37.000000) translate(-32.000000, 33.000000)">
<path d="M2,4 L73,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-3"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
</g>
<g id="network" transform="translate(33.000000, 23.000000)">
<g id="network" transform="translate(33.000000, 178.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="366" height="22" rx="2"></rect>
<text id="overlay-network" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="146.05127" y="15">overlay network</tspan>
</text>
</g>
<g id="arrows" transform="translate(104.000000, 42.000000)">
<g id="arrow-copy-2" transform="translate(218.500000, 18.000000) rotate(-90.000000) translate(-218.500000, -18.000000) translate(201.000000, 14.000000)">
<path d="M0,4 L31,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrows" transform="translate(104.000000, 147.000000)">
<g id="arrow-copy-2" transform="translate(218.500000, 17.000000) rotate(-90.000000) translate(-218.500000, -17.000000) translate(202.000000, 13.000000)">
<path d="M2,4 L33,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-4"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="31" cy="4" r="5"></circle>
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-1"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-3" transform="translate(111.500000, 18.000000) rotate(-90.000000) translate(-111.500000, -18.000000) translate(94.000000, 14.000000)">
<path d="M0,4 L31,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrow-copy-3" transform="translate(111.500000, 17.000000) rotate(-90.000000) translate(-111.500000, -17.000000) translate(95.000000, 13.000000)">
<path d="M2,4 L33,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-5"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="31" cy="4" r="5"></circle>
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-2"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
<g id="arrow-copy-4" transform="translate(4.500000, 18.000000) rotate(-90.000000) translate(-4.500000, -18.000000) translate(-13.000000, 14.000000)">
<path d="M0,4 L31,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="arrow-copy-4" transform="translate(4.500000, 17.000000) rotate(-90.000000) translate(-4.500000, -17.000000) translate(-12.000000, 13.000000)">
<path d="M2,4 L33,4" id="Line" stroke="#FFB463" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-6"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="31" cy="4" r="5"></circle>
<use fill="#FFB463" fill-rule="evenodd" xlink:href="#path-3"></use>
<circle stroke="#F7F8F9" stroke-width="2" cx="4" cy="4" r="5"></circle>
</g>
</g>
</g>
<g id="nodes" transform="translate(60.000000, 70.000000)">
<g id="nodes" transform="translate(60.000000, 45.000000)">
<g id="node-3" transform="translate(214.000000, 0.000000)">
<g id="node">
<g id="node-label">
@ -165,7 +133,14 @@
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="0" y="0" width="433" height="216" rx="2"></rect>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="0" y="0" width="433" height="245" rx="2"></rect>
</g>
<g id="object-storage" transform="translate(457.000000, 45.000000)">
<rect id="node-border" fill="#445D6E" x="0" y="0" width="97" height="102" rx="2"></rect>
<text font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#F7F8F9">
<tspan x="34.7006836" y="48">object</tspan>
<tspan x="31.4633789" y="62">storage</tspan>
</text>
</g>
</g>
</g>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 11 KiB

0
datacenter/dtr/2.5/images/configure-external-storage-2.png → datacenter/dtr/2.5/guides/images/configure-external-storage-2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 108 KiB

After

Width:  |  Height:  |  Size: 108 KiB

0
datacenter/dtr/2.5/images/console-pull.png → datacenter/dtr/2.5/guides/images/console-pull.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 144 KiB

After

Width:  |  Height:  |  Size: 144 KiB

0
datacenter/dtr/2.5/images/console-push.png → datacenter/dtr/2.5/guides/images/console-push.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 140 KiB

After

Width:  |  Height:  |  Size: 140 KiB

0
datacenter/dtr/2.5/images/create-and-manage-orgs-1.png → datacenter/dtr/2.5/guides/images/create-and-manage-orgs-1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 74 KiB

0
datacenter/dtr/2.5/images/create-and-manage-orgs-2.png → datacenter/dtr/2.5/guides/images/create-and-manage-orgs-2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 84 KiB

After

Width:  |  Height:  |  Size: 84 KiB

0
datacenter/dtr/2.5/images/create-and-manage-orgs-3.png → datacenter/dtr/2.5/guides/images/create-and-manage-orgs-3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 107 KiB

After

Width:  |  Height:  |  Size: 107 KiB

0
datacenter/dtr/2.5/images/create-and-manage-teams-1.png → datacenter/dtr/2.5/guides/images/create-and-manage-teams-1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 95 KiB

0
datacenter/dtr/2.5/images/create-and-manage-teams-2.png → datacenter/dtr/2.5/guides/images/create-and-manage-teams-2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 94 KiB

After

Width:  |  Height:  |  Size: 94 KiB

0
datacenter/dtr/2.5/images/create-and-manage-teams-3.png → datacenter/dtr/2.5/guides/images/create-and-manage-teams-3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 104 KiB

0
datacenter/dtr/2.5/images/create-and-manage-teams-4.png → datacenter/dtr/2.5/guides/images/create-and-manage-teams-4.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 114 KiB

After

Width:  |  Height:  |  Size: 114 KiB

0
datacenter/dtr/2.5/images/create-and-manage-teams-5.png → datacenter/dtr/2.5/guides/images/create-and-manage-teams-5.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 114 KiB

After

Width:  |  Height:  |  Size: 114 KiB

99
datacenter/dtr/2.5/guides/images/create-deployment-policies-1.svg Normal file
View File

@ -0,0 +1,99 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 43.2 (39069) - http://www.bohemiancoding.com/sketch -->
<title>image-promotion</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="dtr-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="image-promotion">
<g id="Group" transform="translate(12.000000, 3.000000)">
<g id="right" transform="translate(415.000000, 0.000000)">
<text id="DTR-cluster" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="11.025" y="236.009524">DTR cluster</tspan>
</text>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="0" y="0" width="302" height="245" rx="2"></rect>
<g id="website-prod" transform="translate(31.000000, 145.000000)">
<text id="tags" font-family="OpenSans-Semibold, Open Sans" font-size="12" font-weight="500" fill="#82949E">
<tspan x="38" y="40">2017-05-16</tspan>
</text>
<path d="M31.5,31.5 L31.5,40.5" id="Line" stroke="#E0E4E7" stroke-linecap="square"></path>
<text id="docker/website-prod" font-family="OpenSans-Semibold, Open Sans" font-size="14" font-weight="500" fill="#82949E">
<tspan x="31" y="19">docker/website-prod</tspan>
</text>
<text id="" font-family="FontAwesome" font-size="26" font-weight="normal" fill="#8F9EA8">
<tspan x="0" y="22"></tspan>
</text>
</g>
<g id="website-dev" transform="translate(31.000000, 16.000000)">
<text id="tags" font-family="OpenSans-Semibold, Open Sans" font-size="12" font-weight="500" fill="#82949E">
<tspan x="38" y="40">1</tspan>
<tspan x="38" y="57">2</tspan>
<tspan x="38" y="74">3-stable</tspan>
</text>
<path d="M31.5,31.5 L31.5,73.5" id="Line" stroke="#E0E4E7" stroke-linecap="square"></path>
<text id="docker/website-dev" font-family="OpenSans-Semibold, Open Sans" font-size="14" font-weight="500" fill="#82949E">
<tspan x="31" y="19">docker/website-dev</tspan>
</text>
<text id="" font-family="FontAwesome" font-size="26" font-weight="normal" fill="#8F9EA8">
<tspan x="0" y="22"></tspan>
</text>
</g>
</g>
<g id="left">
<text id="your-machine-or-a-CI" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="11.025" y="236.009524">your machine or a CI system</tspan>
</text>
<rect id="group" stroke="#82949E" stroke-width="2" stroke-dasharray="5,5,5,5" x="0" y="0" width="258" height="245" rx="2"></rect>
<text id="docker-build-copy" font-family="CourierNewPS-BoldMT, Courier New" font-size="12" font-weight="bold" fill="#82949E">
<tspan x="24" y="179">&gt; docker push</tspan>
</text>
<g id="website-dev-copy" transform="translate(24.000000, 80.000000)">
<text id="tags" font-family="OpenSans-Semibold, Open Sans" font-size="12" font-weight="500" fill="#82949E">
<tspan x="38" y="40">3-stable</tspan>
</text>
<path d="M31.5,31.5 L31.5,40.5" id="Line" stroke="#E0E4E7" stroke-linecap="square"></path>
<text id="docker/website-dev" font-family="OpenSans-Semibold, Open Sans" font-size="14" font-weight="500" fill="#82949E">
<tspan x="31" y="19">docker/website-dev</tspan>
</text>
<text id="" font-family="FontAwesome" font-size="26" font-weight="normal" fill="#8F9EA8">
<tspan x="0" y="22"></tspan>
</text>
</g>
<text id="docker-build" font-family="CourierNewPS-BoldMT, Courier New" font-size="12" font-weight="bold" fill="#82949E">
<tspan x="24" y="35">&gt; docker build</tspan>
</text>
</g>
<g id="arrow-3" transform="translate(631.000000, 84.000000)">
<circle id="Oval" fill="#E0E4E7" cx="3" cy="60" r="3"></circle>
<path d="M2.41908766,0.636305719 C2.41908766,0.636305719 11.6017022,12.0306637 11.6017022,30.660122 C11.6017022,49.2895802 2.41908766,60.6839382 2.41908766,60.6839382" id="Path-3" stroke="#E0E4E7"></path>
<g id="annotation" transform="translate(17.000000, 15.000000)">
<circle id="Oval-Copy" fill="#E0E4E7" cx="12" cy="12" r="12"></circle>
<text id="1" font-family="OpenSans-Semibold, Open Sans" font-size="14" font-weight="500" fill="#FFFFFF">
<tspan x="8" y="18">3</tspan>
</text>
</g>
</g>
<g id="arrow-2" transform="translate(267.000000, 81.000000)">
<circle id="Oval" fill="#E0E4E7" cx="132" cy="3" r="3"></circle>
<path d="M0.736586752,95 C0.736586752,95 29.3002372,54.2809317 61.5528708,31.5999726 C93.8055043,8.91901355 131.561843,3 131.561843,3" id="Path-3" stroke="#E0E4E7"></path>
<g id="annotation" transform="translate(44.000000, 3.000000)">
<circle id="Oval-Copy" fill="#E0E4E7" cx="12" cy="12" r="12"></circle>
<text id="1" font-family="OpenSans-Semibold, Open Sans" font-size="14" font-weight="500" fill="#FFFFFF">
<tspan x="8" y="18">2</tspan>
</text>
</g>
</g>
<g id="arrow-1" transform="translate(201.000000, 33.000000)">
<circle id="Oval" fill="#E0E4E7" cx="3" cy="60" r="3"></circle>
<path d="M2.41908766,0.636305719 C2.41908766,0.636305719 11.6017022,12.0306637 11.6017022,30.660122 C11.6017022,49.2895802 2.41908766,60.6839382 2.41908766,60.6839382" id="Path-3" stroke="#E0E4E7"></path>
<g id="annotation" transform="translate(17.000000, 19.000000)">
<circle id="Oval-Copy" fill="#E0E4E7" cx="12" cy="12" r="12"></circle>
<text id="1" font-family="OpenSans-Semibold, Open Sans" font-size="14" font-weight="500" fill="#FFFFFF">
<tspan x="8" y="18">1</tspan>
</text>
</g>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 7.2 KiB

BIN
datacenter/dtr/2.5/guides/images/create-deployment-policies-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 248 KiB

BIN
datacenter/dtr/2.5/guides/images/create-deployment-policies-3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 270 KiB

BIN
datacenter/dtr/2.5/guides/images/create-deployment-policies-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 284 KiB

0
datacenter/dtr/2.5/images/create-manage-users-1.png → datacenter/dtr/2.5/guides/images/create-manage-users-1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 100 KiB

After

Width:  |  Height:  |  Size: 100 KiB

0
datacenter/dtr/2.5/images/create-manage-users-2.png → datacenter/dtr/2.5/guides/images/create-manage-users-2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 107 KiB

After

Width:  |  Height:  |  Size: 107 KiB

0
datacenter/dtr/2.5/images/create-repository-1.png → datacenter/dtr/2.5/guides/images/create-repository-1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 92 KiB

After

Width:  |  Height:  |  Size: 92 KiB

0
datacenter/dtr/2.5/images/create-repository-2.png → datacenter/dtr/2.5/guides/images/create-repository-2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 88 KiB

After

Width:  |  Height:  |  Size: 88 KiB

BIN
datacenter/dtr/2.5/guides/images/dashboard-settings-general.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

0
datacenter/dtr/2.5/images/delegate-image-signing-1.svg → datacenter/dtr/2.5/guides/images/delegate-image-signing-1.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

0
datacenter/dtr/2.5/images/delete-images-1.png → datacenter/dtr/2.5/guides/images/delete-images-1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 111 KiB

After

Width:  |  Height:  |  Size: 111 KiB

BIN
datacenter/dtr/2.5/guides/images/docker-hub-org-enterprise-license-CSDE-dropdown.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
datacenter/dtr/2.5/guides/images/docker-hub-org-enterprise-license.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

Some files were not shown because too many files have changed in this diff Show More