docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added LDAP config changes to Upgrade 

Signed-off-by: Carol Fager-Higgins <carol.fager-higgins@docker.com>
This commit is contained in:
Carol Fager-Higgins 2015-11-03 17:31:09 -08:00
parent a902a738ff
commit f3af225118
6 changed files with 210 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
index.md
View File

@ -28,7 +28,7 @@ environment.
Docker Trusted Registry is perfect for:
* Providing a secure, on-premise development environment
* Providing a secure, on-premises development environment
* Creating a streamlined build pipeline
* Building a consistent, high-performance test/QA environment
* Managing image deployment

2
install/dtr-ami-byol-launch.md
View File

@ -15,7 +15,7 @@ The Trusted Registry installation includes a single instance of the commercially
supported Docker Engine.
You can install additional instances of the commercially supported Docker Engine
either on premise or through AWS. For more information, see the [installation
either on premises or through AWS. For more information, see the [installation
overview](index.md) for Trusted Registry.
The remainder of this document refers to the running instance of this AMI as a “Trusted Registry”.

6
install/index.md
View File

@ -9,17 +9,17 @@ identifier="smn_dhe_install"
# Trusted Registry Installation Overview
Docker Trusted Registry is an enterprise-grade on-premise registry bundled with commercially supported Docker Engines (CS Engine). Use Docker Trusted Registry to manage your images, and the commercially supported Docker Engine to create, test, and share your application images. Together, these two Docker products can optimize your continuous integration (CI) and/or software deployment workflows.
Docker Trusted Registry is an enterprise-grade on-premises registry bundled with commercially supported Docker Engines (CS Engine). Use Docker Trusted Registry to manage your images, and the commercially supported Docker Engine to create, test, and share your application images. Together, these two Docker products can optimize your continuous integration (CI) and/or software deployment workflows.
Depending on your business requirements, there are two paths available for you to install Docker Trusted Registry (Trusted Registry). This document describes those options and prerequisites in order for you to make a decision that is best suited to your needs and provides the install directions for your selected path.
## Install options
You can install Trusted Registry on premise or through a cloud provider. Currently, Docker supports installation on any cloud provider.
You can install Trusted Registry on premises or through a cloud provider. Currently, Docker supports installation on any cloud provider.
## Get a license
Docker requires that you obtain a license to use the Trusted Registry. The installation path you choose (on premise or in the cloud) can affect the licensing methods available to you (bring your own license or cloud marketplace).
Docker requires that you obtain a license to use the Trusted Registry. The installation path you choose (on premises or in the cloud) can affect the licensing methods available to you (bring your own license or cloud marketplace).
All installation paths support a license which you buy outright from Docker and
apply during the installation process. If you would like, you can get a free

112
install/install-csengine.md
View File

@ -9,55 +9,51 @@ parent="smn_dhe_install"
# Manually Install the CS Docker Engine
This document describes the process of obtaining and installing the Commercially
Supported Docker Engine (CS Engine). Installing CS Engine is a prerequisite for
installing the Docker Trusted Registry. You can use these instructions if you are installing CS Engine on physical or cloud infrastructure.
This document describes the process of installing the Commercially Supported
Docker Engine (CS Engine). Installing the CS Engine is a prerequisite for
installing the Docker Trusted Registry. Use these instructions if you
are installing the CS Engine on physical or cloud infrastructures.
If your cloud provider is AWS, you have the option of installing CS Engine using an Amazon Machine Image (AMI) instead. For more information, read the [installation overview](index.md) to understand your options.
Note that you first install the CS Engine before you install Docker Trusted
Registry. If you are upgrading, you reverse that order and upgrade the Trusted
Registry first. To upgrade, see the [upgrade documentation](upgrade.md). You will need to install the latest version of the CS Engine to run with the latest
version of the Trusted Registry. You will also want to install the CS Engine on
any clients, especially in your production environment.
## Prerequisite
If your cloud provider is AWS, you have the option of installing the CS Engine
using an Amazon Machine Image (AMI). For more information, read the [installation overview](index.md) to understand your options.
Installing CS Engine requires that you have a login to Docker Hub. If you have
not already done so, go to Docker Hub and [sign up for an
account](https://hub.docker.com).
## Prerequisites
Also, you must have a license for Docker Trusted Registry. This license allows
you to run both Docker Trusted Registry and CS Engine. Before installing,
[purchase a license or sign up for a free, 30 day trial license]((https://hub.docker.com/enterprise/)).
You need a login to Docker Hub. If you have not already done so, go to Docker Hub and [sign up for an account](https://hub.docker.com). You do not need a license for the CS Engine, only for the Docker Trusted Registry.
## CentOS 7.1 & RHEL 7.0/7.1 (YUM-based systems)
## Install on CentOS 7.1 & RHEL 7.0/7.1
This section explains how to install on CentOS 7.1 & RHEL 7.0/7.1. Only these versions are supported. CentOS 7.0 is not supported. On RHEL, depending on your current level of updates, you may need to reboot your server to update its RHEL kernel.
This section explains how to install on CentOS 7.1 & RHEL 7.0/7.1. Only these
versions are supported. CentOS 7.0 is not supported. On RHEL, depending on your
current level of updates, you may need to reboot your server to update its RHEL
kernel.
1. Log into the system as a user with root or sudo permissions.
2. Update your `yum` repositories.
2. Add Docker's public key for CS packages:
$ sudo yum update && sudo yum upgrade
`$ sudo rpm --import "https://pgp.mit.edu/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e"`
3. In a browser, log in to the [Docker Hub](https://hub.docker.com) with the account you used to obtain your license.
3. Install yum-utils if necessary:
4. Once you're logged in, go to your account's [Licenses](https://hub.docker.com/account/licenses/) page.
`$ sudo yum install -y yum-utils`
5. In the "Download and Install CS Engine" locate the script appropriate to your system.
4. Install the CS Engine with the following command:
6. Copy the script, paste it into your terminal, and press Return.
$ sudo yum install docker-engine
$ curl -s
https://packagecloud.io/install/repositories/Docker/cs-public/script.rpm.sh |
sudo bash sudo yum install docker-engine-cs
7. After the command completes, install the CS Engine with the following command:
$ sudo yum install docker-engine-cs
8. Enable the Docker daemon as a service and then start it.
5. Enable the Docker daemon as a service and then start it.
$ sudo systemctl enable docker.service
$ sudo systemctl start docker.service
9. Verify the installation was successful by running a simple container.
6. Verify the installation was successful by running a simple container.
$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
@ -82,54 +78,60 @@ This section explains how to install on CentOS 7.1 & RHEL 7.0/7.1. Only these ve
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account:
https://hub.docker.com
For more examples and ideas, visit:
https://docs.docker.com/userguide/
10. Optionally, add non-sudo access to the Docker socket by adding your user to the `docker` group.
7. Optionally, add non-sudo access to the Docker socket by adding your user to the `docker` group.
$ sudo usermod -a -G docker $USER
Log out and log back in to have your new permissions take effect.
8. Log out and log back in to have your new permissions take effect.
## Install on Ubuntu 14.04 LTS
1. Log into the system as a user with root or sudo permissions.
2. Update your `yum` repositories.
2. Add Docker's public key for CS packages:
$ sudo apt-get update && sudo apt-get upgrade
`$ curl -s 'https://pgp.mit.edu/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e' | sudo apt-key add --import`
3. Install additional virtual drivers not in the base image.
3. Install the HTTPS helper for apt (your system may already have it):
`$ sudo apt-get update && sudo apt-get install apt-transport-https`
4. Install additional virtual drivers not in the base image.
$ sudo apt-get install -y linux-image-extra-virtual
You may need to reboot your server to after updating the LTS kernel.
You may need to reboot your server after updating the LTS kernel.
4. In a browser, log in to the [Docker Hub](https://hub.docker.com) with the account you used to obtain your license.
5. Install the engine with the following command:
5. Once you're logged in, go to your account's [Licenses](https://hub.docker.com/account/licenses/) page.
`$ sudo apt-get update && sudo apt-get install docker-engine`
6. In the "Download and Install CS Engine" locate the script appropriate to your system.
6. Add the repository for the new version:
7. Copy the script, paste it into your terminal, and press Return.
`$ echo "deb https://packages.docker.com/1.9/apt/repo ubuntu-trusty main" | sudo tee /etc/apt/sources.list.d/docker.list`
$ curl -s
https://packagecloud.io/install/repositories/Docker/cs-public/script.deb.sh | sudo bash sudo apt-get install docker-engine-cs
**Note**: modify the "ubuntu-trusty" string for your flavor of ubuntu or debian.
* debian-jessie (Debian 8)
* debian-stretch (future release)
* debian-wheezy (Debian 7)
* ubuntu-precise (Ubuntu 12.04)
* ubuntu-trusty (Ubuntu 14.04)
* ubuntu-utopic (Ubuntu 14.10)
* ubuntu-vivid (Ubuntu 15.04)
* ubuntu-wily (Ubuntu 15.10)
8. Run the following to install commercially supported Docker Engine and its dependencies:
$ sudo apt-get install docker-engine-cs
`$ echo "deb https://packages.docker.com/1.9/apt/repo ubuntu-trusty main" | sudo tee /etc/apt/sources.list.d/docker.list`
9. Confirm the Docker daemon is running with `sudo service docker start`.
7. Run the following to install commercially supported Docker Engine and its dependencies:
`$ sudo apt-get update && sudo apt-get install docker-engine`
8. Confirm the Docker daemon is running with `sudo service docker start`.
$ sudo service docker start
10. Optionally, add non-sudo access to the Docker socket by adding your user to the `docker` group.
9. Optionally, add non-sudo access to the Docker socket by adding your user to the `docker` group.
$ sudo usermod -a -G docker $USER
@ -137,4 +139,4 @@ This section explains how to install on CentOS 7.1 & RHEL 7.0/7.1. Only these ve
## Next step
You are ready to install [Docker Trusted Registry](install-dtry.md).
You are ready to install [Docker Trusted Registry](install-dtr.md).

196
install/upgrade.md
View File

@ -1,76 +1,174 @@
+++
title = "Upgrade Trusted Registry and CS Engine"
description = "Upgrade Trusted Registry and CS Engine"
title = "Upgrade Trusted Registry and the CS Engine"
description = "Upgrade Trusted Registry and the CS Engine"
keywords = ["docker, documentation, about, technology, hub, upgrade, enterprise"]
[menu.main]
parent="smn_dhe_install"
+++
<!--
not certain of this order. and there may be missing steps if the license has to be enabled again. cfh
-->
# Upgrade the Trusted Registry and the CS Engine
This document describes the process and steps necessary to upgrade Docker Trusted Registry and the commercially supported engine (CS engine). The general steps are to:
This document describes the process and steps necessary to upgrade Docker
Trusted Registry and the commercially supported engine (CS engine). When you
first install, the general order is to install the CS engine, then install the
Trusted Registry. However, when you upgrade, you reverse that order.
* Get the latest version of the CS engine and install it.
* Get the latest version of Docker Trusted Registry.
**Note**: Ensure when upgrading the Trusted Registry, that you also upgrade to the latest CS Engine.
The following are overall steps, which are explained in detail in this document:
* Upgrade to latest version of Docker Trusted Registry.
* Get the latest version of the CS engine.
* Turn off the Trusted Registry and restart it again with the latest CS engine.
* Make any changes in your configuration.
* Verify you have completed the upgrade process with no errors.
## Upgrade to the latest version of the CS engine
The CS engine installation script set up the RHEL/Ubuntu package repositories,
so upgrading the CS engine only requires you to run the update commands on your server.
### CentOS 7.1 & RHEL 7.0/7.1 upgrade
The following commands will stop the running Docker Trusted Registry, upgrade CS engine,
and then start the Trusted Registry again:
```
$ sudo bash -c "$(sudo docker run docker/trusted-registry stop)"
$ sudo yum update
$ sudo systemctl daemon-reload && sudo systemctl restart docker
$ sudo bash -c "$(sudo docker run docker/trusted-registry start)"
```
### Ubuntu 14.04 LTS upgrade
The following commands will stop the running Docker Trusted Registry, upgrade CS engine,
and then start the Trusted Registry again:
```
$ sudo bash -c "$(sudo docker run docker/trusted-registry stop)"
$ sudo apt-get update && sudo apt-get dist-upgrade docker-engine-cs
$ sudo bash -c "$(sudo docker run docker/trusted-registry start)"
```
## Upgrade Docker Trusted Registry
1. Load the Docker Trusted Registry Dashboard in your browser and click Settings in the global nav bar.
2. Click Updates in the Settings nav bar. You can see the currently installed version and a message stating that the version is either current or that there is an update available. If an update is available, the message states: System Update Available and an enabled button Update to Version X.XX.
3. Click the Update button to start the update process.
Periodic upgrades to the Trusted Registry triggers a notification to appear in your Admin dashboard if you have enabled Upgrade checking in the
General > Settings section of the user interface (UI).
Docker Trusted Registry pulls new Docker Trusted Registry container images from the Docker Hub. If you have not already connected to Docker Hub, Docker Trusted Registry prompts you to log in.
To upgrade, perform the following steps:
The upgrade process requires a small amount of downtime to complete depending on your connection speed.
1. Load the Trusted Registry Dashboard in your browser and navigate to > Settings > Updates.
Docker Trusted Registry:
2. Click Updates in the Settings nav bar. You can see the currently installed version and a message stating that the version is either current or an update is
available. If an update is available, the message states: System Update
Available and an enabled button displays Update to version X.X.X.
* Connects to the Docker Hub to pull new container images with the new version of Docker Trusted Registry.
* Deploys those containers.
* Shuts down the old containers.
* Resolve any necessary links/urls.
3. Click Update to start the update process. The process may take longer than what the message indicates. To check the status of the install, SSH into the Trusted Registry host through a command line:
`$ sudo docker logs -f $(sudo docker ps -a --no-trunc | grep 'manager execute-upgrade' | head -n1 | awk '{print $1}')`
4. Refresh your screen to see the latest changes.
The Dashboard displays a message that the upgrade successfully completed and that you need to upgrade to the latest CS Engine.
### What is updated?
* The Trusted Registry pulls new container images from Docker Hub.
* It then deploys those containers.
* It stops and removes the old containers.
The upgrade process requires a small amount of downtime to complete.
> **Note**: If the CS engine is upgraded first, then
> the Trusted Registry can still be upgraded from the command line by running the following command. Ensure to put the correct version that you want.
>
> `sudo bash -c "$(sudo docker run docker/trusted-registry:1.1.0 upgrade 1.1.1)"`
> `$ sudo bash -c "$(sudo docker run docker/trusted-registry:1.3.3 upgrade 1.4.0)"`
## Upgrade to the latest version of the CS engine
1. Stop the Trusted Registry prior to upgrading the CS engine.
`$ sudo bash -c "$(sudo docker run docker/trusted-registry:1.4.0 stop)"`
**WARNING**: If you stop the CS Engine, while the Trusted Registry is running, the Trusted Registry may not perform as expected and you must restart it.
### CentOS 7.1 & RHEL 7.0/7.1 (YUM-based systems)
Perform the following commands in your terminal to remove your current CS
engine, and install the new version. When complete, restart the Trusted Registry
again.
1. Remove the current engine:
`$ sudo yum remove docker-engine-cs`
2. Add Docker's public key for CS packages:
`$ sudo rpm --import "https://pgp.mit.edu/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e"`
3. Install yum-utils if necessary:
`$ sudo yum install -y yum-utils`
4. Add the repository for the new version and disable the old one:
```
$ sudo yum-config-manager --add-repo https://packages.docker.com/1.9/yum/repo/main/centos/7
$ sudo yum-config-manager --disable 'Docker_cs*'
```
5. Install the new package:
`$ sudo yum install docker-engine`
6. Restart the Trusted Registry:
`$ sudo bash -c "$(sudo docker run docker/trusted-registry start)"`
### Ubuntu 14.04 LTS (APT-based systems)
Perform the following commands in your terminal to remove your current CS
engine, and install the new version. When complete, restart the Trusted Registry
again.
1. Remove the current engine:
`$ sudo apt-get remove docker-engine-cs`
2. Add Docker's public key for CS packages:
`$ curl -s 'https://pgp.mit.edu/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e' | sudo apt-key add --import`
3. Install the HTTPS helper for apt (your system may already have it):
`$ sudo apt-get update && sudo apt-get install apt-transport-https`
4. Add the repository for the new version:
`$ echo "deb https://packages.docker.com/1.9/apt/repo ubuntu-trusty main" | sudo tee /etc/apt/sources.list.d/docker.list`
**Note**: modify the "ubuntu-trusty" string for your flavor of ubuntu or debian.
* debian-jessie (Debian 8)
* debian-stretch (future release)
* debian-wheezy (Debian 7)
* ubuntu-precise (Ubuntu 12.04)
* ubuntu-trusty (Ubuntu 14.04)
* ubuntu-utopic (Ubuntu 14.10)
* ubuntu-vivid (Ubuntu 15.04)
* ubuntu-wily (Ubuntu 15.10)
5. Install the new package:
`$ sudo apt-get update && sudo apt-get install docker-engine`
6. Restart the Trusted Registry:
`$ sudo bash -c "$(sudo docker run docker/trusted-registry start)"`
## LDAP Configure options
With this release, there are several changes to the LDAP configuration options
that affect authentication and global roles.
* Performance for LDAP user authentication has been significantly increased,
reducing the number of required LDAP requests to only a single BIND request to
authenticate a user.
* The "Read-Write Search Filter" and "Read-Only Search Filter" fields have been
deprecated. You can now create organization accounts and teams in the Trusted
Registry to allow for more fine grained access control. Team member lists can be
synced with a group in LDAP.
* An "Admin Password" is now required. Use this password to login as the user
admin in case the Trusted Registry is unable to authenticate you using your LDAP
server. This account can be used to login to the Trusted Registry and correct
identity and authentication settings.
* Users on your LDAP server are now synced to the Trusted Registry's local
database using your configured "User Search Filter". Objects in LDAP that match
this filter and have a valid "User Login Attribute" are created as a local user
with the "User Login Attribute" as their username. Only these users are able to
login to Docker Trusted Registry.
* The "Admin LDAP DN" must now be specified to identify the group object on your
LDAP server. This should be synced to the system administrators list. The "Admin
Group Member Attribute" should be set to the name of the attribute on this group
object which corresponds to the Distinguished Name of the group member objects.
This setting deprecates the old "Admin Search Filter" field.
## See also

2
quick-start.md
View File

@ -15,7 +15,7 @@ weight=2
## Overview
This Quick Start Guide gives you a hands-on look at the basics of using
Docker Trusted Registry, Docker's on-premise image storage application.
Docker Trusted Registry, Docker's on-premises image storage application.
This guide will walk you through using Docker Trusted Registry to complete a typical, and critical,
part of building a development pipeline: setting up a Jenkins instance. Once you
complete the task, you should have a good idea of how Docker Trusted Registry works and how it might