docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DO NOT MERGE YET. added new ambassador path for 1.5s 

added viktor's comment

changed text to refect upcoming release of 1.4.3 and not 1.5
Signed-off-by: Carol Fager-Higgins <carol.fager-higgins@docker.com>
This commit is contained in:
Carol Fager-Higgins 2016-01-14 12:19:12 -08:00
parent f01a776f4d
commit ead23224c8
3 changed files with 39 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
adminguide.md
View File

@ -1,7 +1,7 @@
+++ +++
title = "Admin tasks" title = "Admin tasks"
description = "Documentation describing administration of Docker Trusted Registry" description = "Documentation describing administration of Docker Trusted Registry"
keywords = ["docker, documentation, about, technology, hub, registry, enterprise, admin tasks, dashboard, settings, logs, reporting, Notary, diagnostics"] keywords = ["docker, documentation, about, technology, hub, registry, enterprise, admin tasks, dashboard, settings, logs, reporting, Notary, diagnostics, admin guide, administration"]
[menu.main] [menu.main]
parent="workw_dtr" parent="workw_dtr"
weight=4 weight=4
@ -9,12 +9,12 @@ weight=4
# Docker Trusted Registry Administrator tasks # Docker Trusted Registry administrator tasks
This document explains the tasks and functions an administrator of Docker This document explains the tasks and functions a Docker Trusted Registry
Trusted Registry needs to understand such as reporting, logging, system administrator needs to understand such as reporting, logging, system management,
management, performance metrics, optimizing the Trusted Registry file size, and performance metrics, optimizing the Trusted Registry file size, and deleting
deleting containers. For tasks Docker Trusted Registry users need to accomplish, containers. For tasks Docker Trusted Registry users need to accomplish,
such as pushing and pulling images, go to the [User's Guide](userguide.md). For such as pushing and pulling images, go to the [User's Guide](userguide.md). For
using the Trusted Registry user interface (UI) to view, manage, or assign using the Trusted Registry user interface (UI) to view, manage, or assign
permissions regarding repositories, organizations, and teams, go to the permissions regarding repositories, organizations, and teams, go to the
@ -33,9 +33,7 @@ provided below for each container providing a Docker Trusted Registry service.
In addition, if your registry is using a filesystem storage driver, you can view In addition, if your registry is using a filesystem storage driver, you can view
a usage meter indicating used and available space on the storage volume. a usage meter indicating used and available space on the storage volume.
Third-party storage back-ends are not supported. If you are using one, this Third-party storage back-ends are not supported. If you are using one, this
meter is not displayed. meter is not displayed. Mouse-over the charts or meters to see detailed data points.
You can mouse-over the charts or meters to see detailed data points.
Clicking a service name, such as Load Balancer or Admin Server, displays the Clicking a service name, such as Load Balancer or Admin Server, displays the
network, CPU, and memory (RAM) utilization data for the specified service. See network, CPU, and memory (RAM) utilization data for the specified service. See
@ -52,7 +50,6 @@ sub-catagorized into the following sub-headings:
* **License**, where you apply your license * **License**, where you apply your license
* **Garbage collection**, set up cron job * **Garbage collection**, set up cron job
* **Auth**, authentication method settings: managed or LDAP * **Auth**, authentication method settings: managed or LDAP
* **Updates**, where you upgrade your registry * **Updates**, where you upgrade your registry
Refer to the [configuration documentation](configuration.md) for details. Refer to the [configuration documentation](configuration.md) for details.
@ -94,25 +91,29 @@ collects the following information:
* Error logs * Error logs
* Crash logs * Crash logs
## Emergency access to Docker Trusted Registry ## Emergency access to the Trusted Registry
If your authenticated or public access to the Trusted Registry UI has stopped If your authenticated or public access to the Trusted Registry UI has stopped
working, but your Trusted Registry admin container is still running, you can add working, but your Trusted Registry admin container is still running, you can add
an an
[ambassador container](https://docs.docker.com/articles/ambassador_pattern_linking/) [ambassador container](https://docs.docker.com/articles/ambassador_pattern_linking/)
to get temporary unsecure access to it by running: to get temporary unsecure access to it.
$ docker run --rm -it --link docker_trusted_registry_admin_server:admin -p 9999:80 svendowideit/ambassador For Trusted Registry version 1.4.3, run the following command in a Trusted Registry CLI:
> **Note:** This guide assumes that you are a member of the `docker` group, > or ```
have root privileges. Otherwise, you may need to add `sudo` to the previous docker run --rm -it --net dtr -p 9999:80 svendowideit/ambassador dockertrustedregistry_admin_server_1 80
example command. > ```
> However, if you are running a version prior to it, 1.4.2 or earlier, then continue to run this command:
This gives you access on port `9999` on your Trusted Registry server - ```
`http://<dtr-host-ip>:9999`. $ docker run --rm -it --link docker_trusted_registry_admin_server:admin -p 9999:80 svendowideit/ambassador
```
### SSH Access to host Either command gives you access on port `9999` on your Trusted Registry server
`http://<dtr-host-ip>:9999`. This guide assumes that you are a member of the `docker` group, or you have root privileges. Otherwise, you may need to add `sudo` to the previous example command.
### SSH access to host
As an extra measure of safety, ensure you have SSH access to the Trusted As an extra measure of safety, ensure you have SSH access to the Trusted
Registry host before you start using it. Registry host before you start using it.
@ -137,20 +138,17 @@ multiple image storage services are used in order to provide greater uptime and
faster, more efficient resource utilization. faster, more efficient resource utilization.
* `postgres`: A database service used to host authentication (LDAP) data and other datasets as needed by Docker Trusted Registry. * `postgres`: A database service used to host authentication (LDAP) data and other datasets as needed by Docker Trusted Registry.
## Docker Trusted Registry system management ## Trusted Registry system management
The `docker/trusted-registry` image is used to control the Trusted Registry The `docker/trusted-registry` image is used to control the Trusted Registry
system. This image uses the Docker socket to orchestrate the multiple services system. This image uses the Docker socket to orchestrate the multiple services
that comprise the Trusted Registry. that comprise the Trusted Registry. The bash script needs access to run `docker` commands, so if you are not in the `docker` group, then you will need super user (sudo) access.
$ sudo bash -c "$(sudo docker run docker/trusted-registry [COMMAND])" $ sudo bash -c "$(sudo docker run docker/trusted-registry [COMMAND])"
Supported commands are: `install`, `start`, `stop`, `restart`, `pull`, `info`, Supported commands are: `install`, `start`, `stop`, `restart`, `pull`, `info`,
`export-settings`, `diagnostics`, `status`, `upgrade`. `export-settings`, `diagnostics`, `status`, `upgrade`.
> **Note**: `sudo` is needed for `docker/trusted-registry` commands to
> ensure that the Bash script is run with full access to the Docker host.
### `install` ### `install`
Install Docker Trusted Registry. Install Docker Trusted Registry.
@ -201,7 +199,6 @@ docker_trusted_registry_auth_server
Display the version and info for the Docker daemon, and version and image ID's Display the version and info for the Docker daemon, and version and image ID's
of Docker Trusted Registry. of Docker Trusted Registry.
``` ```
$ sudo bash -c "$(docker run docker/trusted-registry info)" $ sudo bash -c "$(docker run docker/trusted-registry info)"
INFO [1.1.0-alpha-001472_g8a9ddb4] Attempting to connect to docker engine dockerHost="unix:///var/run/docker.sock" INFO [1.1.0-alpha-001472_g8a9ddb4] Attempting to connect to docker engine dockerHost="unix:///var/run/docker.sock"
@ -266,19 +263,16 @@ INFO [1.1.0-alpha-001472_g8a9ddb4] Attempting to connect to docker engine docke
### `diagnostics` ### `diagnostics`
The `diagnostics` command is used to extract configuration and run time data Use the `diagnostics` command to extract configuration and run time data about
about your containers for support purposes. your containers for support purposes. The output includes the `docker inspect`
output for all containers, running and not, so check the resulting files for
The output includes the `docker inspect` output for all passwords and other proprietary information before sending it.
containers, running and not, so check the resulting files for passwords
and other proprietary information before sending it.
`$ sudo bash -c "$(docker run docker/trusted-registry diagnostics)" > diagnostics.zip` `$ sudo bash -c "$(docker run docker/trusted-registry diagnostics)" > diagnostics.zip`
> **Warning:** These diagnostics files may contain secrets that you need to remove > **Warning:** These diagnostics files may contain secrets that you need to remove before passing on, such as raw container log files, Azure storage
> before passing on - such as raw container log files, Azure storage credentials, or passwords that may be credentials, or passwords that may be sent to non-Docker Trusted Registry
> sent to non-Docker Trusted Registry containers using the `docker run -e PASSWORD=asdf` environment variable containers using the `docker run -e PASSWORD=asdf` environment variable options.
> options.
Stream to STDOUT a zip file containing CSDE and Docker Trusted Registry Stream to STDOUT a zip file containing CSDE and Docker Trusted Registry
configuration, state, and log files to help the Docker Enterprise support team: configuration, state, and log files to help the Docker Enterprise support team:
@ -300,8 +294,7 @@ Export the Trusted Registry configuration files for backup or diagnostics use.
`$ sudo bash -c "$(docker run docker/trusted-registry export-settings)" > export-settings.tar.gz` `$ sudo bash -c "$(docker run docker/trusted-registry export-settings)" > export-settings.tar.gz`
> **Warning:** These diagnostics files may contain secrets that you need to remove > **Warning:** These diagnostics files may contain secrets that you need to remove before passing on, such as Azure storage credentials.
> before passing on - such as Azure storage credentials.
Stream to STDOUT a gzipped tar file containing the Trusted Registry Stream to STDOUT a gzipped tar file containing the Trusted Registry
configuration files from `/usr/local/etc/dtr/`: configuration files from `/usr/local/etc/dtr/`:
@ -319,16 +312,11 @@ configuration files from `/usr/local/etc/dtr/`:
To debug client Docker daemon communication issues with the Trusted Registry, To debug client Docker daemon communication issues with the Trusted Registry,
Docker also provides a diagnostics tool to be run on the client Docker daemon. Docker also provides a diagnostics tool to be run on the client Docker daemon.
> **Warning:** These diagnostics files may contain secrets that you need to remove > **Warning:** These diagnostics files may contain secrets that you need to remove before passing on, such as raw container log files, Azure storage credentials, or passwords that may be sent to non-Docker Trusted Registry containers using the `docker run -e PASSWORD=asdf` environment variable options.
> before passing on - such as raw container log files, Azure storage credentials, or passwords that may be
> sent to non-Docker Trusted Registry containers using the `docker run -e PASSWORD=asdf` environment variable
> options.
You can download and run this tool using the following command: If you supply an administrator username and password, then the `diagnostics`
tool also downloads additional logs and configuration data from the remote
> **Note:** If you supply an administrator username and password, then the Trusted Registry server. Download and run this tool using the following command:
> `diagnostics` tool will also download some logs and configuration data
> from the remote Docker Trusted Registry server.
``` ```
$ wget https://dhe.mycompany.com/admin/bin/diagnostics && chmod +x diagnostics $ wget https://dhe.mycompany.com/admin/bin/diagnostics && chmod +x diagnostics
@ -343,7 +331,7 @@ copy logs from DTR Adminserver into ZIP output: "Failed to read next tar header:
error running "dmidecode": "exit status 127"] error running "dmidecode": "exit status 127"]
``` ```
The zip file will contain the following information: The zip file contains the following information:
- your local Docker host's `ca-certificates.crt` - your local Docker host's `ca-certificates.crt`
- `containers/`: the first 20 running, stopped and paused containers `docker inspect` - `containers/`: the first 20 running, stopped and paused containers `docker inspect`
@ -356,11 +344,13 @@ The zip file will contain the following information:
- `sysinfo/`: local Host information - `sysinfo/`: local Host information
- `errors.txt`: errors and warnings encountered while running diagnostics - `errors.txt`: errors and warnings encountered while running diagnostics
### Starting and stopping Docker Trusted Registry ### Starting and stopping the Trusted Registry
If you need to stop and/or start the Trusted Registry (for example, upgrading, or troubleshooting), use the following commands: If you need to stop and/or start the Trusted Registry (for example, upgrading, or troubleshooting), use the following commands:
`sudo bash -c "$(docker run docker/trusted-registry stop)"` `sudo bash -c "$(docker run docker/trusted-registry stop)"`
`sudo bash -c "$(docker run docker/trusted-registry start)"` `sudo bash -c "$(docker run docker/trusted-registry start)"`
## See also ## See also

BIN
assets/admin-logs.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 195 KiB

After

Width:  |  Height:  |  Size: 160 KiB

BIN
assets/admin-metrics.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 183 KiB

After

Width:  |  Height:  |  Size: 134 KiB