diff --git a/ee/dtr/admin/install/index.md b/ee/dtr/admin/install/index.md index 779a009003..9b6170048c 100644 --- a/ee/dtr/admin/install/index.md +++ b/ee/dtr/admin/install/index.md @@ -26,50 +26,52 @@ You cannot install DTR on a standalone Docker Engine. ## Step 3. Install DTR -Once UCP is installed, navigate to the **UCP web UI**. In the **Admin Settings**, -choose **Docker Trusted Registry**. +Once UCP is installed, navigate to the UCP web interface as an admin. Expand your profile on the left +navigation pane, and select **Admin Settings > Docker Trusted Registry**. ![](../../images/install-dtr-2.png){: .with-border} -After you configure all the options, you'll have a snippet that you can use -to deploy DTR. It should look like this: +After you configure all the options, you should see a Docker CLI command that you can use +to install DTR. ```bash -# Pull the latest version of DTR -$ docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} - -# Install DTR -$ docker run -it --rm \ - {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} install \ +docker run -it --rm \ + {{ page.dtr_org }}/{{ page.dtr_repo }} install \ + --dtr-external-url dtr-example.com --ucp-node \ - --ucp-insecure-tls + --ucp-username admin \ + --ucp-url ``` -You can run that snippet on any node where Docker is installed. As an example -you can SSH into a UCP node and run the DTR installer from there. By default -the installer runs in interactive mode and prompts you for any additional -information that is necessary. -[Learn more about the installer](/reference/dtr/2.6/cli/install/). +You can run the DTR install command on any node where `docker` is installed. To verify, run `docker version`. +Check that your DTR version is compatible with your Engine - Enterprise and UCP versions using the [compatibility matrix](https://success.docker.com/article/compatibility-matrix). -By default DTR is deployed with self-signed certificates, so your UCP deployment -might not be able to pull images from DTR. -Use the `--dtr-external-url :` optional flag while deploying -DTR, so that UCP is automatically reconfigured to trust DTR. Since [HSTS (HTTP Strict-Transport-Security) -header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is included in all API responses, -make sure to specify the FQDN (Fully Qualified Domain Name) of your DTR, or your browser may refuse -to load the web interface. +As an example, you can SSH into a UCP node and install DTR from there. Running the installation command in interactive TTY or `-it` mode means you will be prompted for any required additional information. +[Learn more about installing DTR](/reference/dtr/2.7/cli/install/). + +To pull a specific version of DTR, run the following: + +```bash +docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} +``` +Replace `{{ page.dtr_version }}` with your desired version. Run the [installation command](#step-3-install-dtr) with the image you just pulled. + +DTR is deployed with self-signed certificates by default, so UCP might not be able to pull images from DTR. +Use the `--dtr-external-url :` optional flag during installation, so that UCP is automatically reconfigured to trust DTR. Additionally, with DTR 2.7, you can +[enable browser authentication via client certificates](/ee/enable-authentication-via-client-certificates/) +at install time. This bypasses the need for entering your username and password. ## Step 4. Check that DTR is running -In your browser, navigate to the Docker **Universal Control Plane** -web interface, and navigate to **Shared Resources > Stacks**. DTR should be listed -as an application. +In your browser, navigate to the UCP +web interface. Select **Shared Resources > Stacks** from the left navigation pane. You should see +DTR listed as a stack. - -![](../../images/install-dtr-3.png){: .with-border} - -You can also access the **DTR web interface**, to make sure it is working. In your -browser, navigate to the address where you installed DTR. +To verify that DTR is accessible from the browser, enter your DTR IP address or FQDN on the address bar. +Since [HSTS (HTTP Strict-Transport-Security) +header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is included in all API responses, +make sure to specify the FQDN (Fully Qualified Domain Name) of your DTR prefixed with `https://`, +or your browser may refuse to load the web interface. ![](../../images/create-repository-1.png){: .with-border} @@ -79,17 +81,21 @@ browser, navigate to the address where you installed DTR. After installing DTR, you should configure: * The certificates used for TLS communication. [Learn more](../configure/use-your-own-tls-certificates.md). - * The storage backend to store the Docker images. [Lean more](../configure/external-storage/index.md). + * The storage backend to store the Docker images. [Learn more](../configure/external-storage/index.md). - To perform these configurations, navigate to the **Settings** page of DTR. - - ![](../../images/auto-delete-job-logs-1.png){: .with-border} +### Web interface + * To update your TLS certificates, access DTR from the browser and navigate to **System > General**. + * To configure your storage backend, navigate to **System > Storage**. If you are upgrading and changing your existing storage backend, see [Switch storage backends](/ee/dtr/admin/configure/external-storage/storage-backend-migration/) for recommended steps. + +### Command line interface + + To reconfigure DTR using the CLI, see the reference page for [the reconfigure command](/reference/dtr/2.7/cli/reconfigure/). ## Step 6. Test pushing and pulling Now that you have a working installation of DTR, you should test that you can -push and pull images to it: +push and pull images: * [Configure your local Docker Engine](../../user/access-dtr/index.md) * [Create a repository](../../user/manage-images/index.md) @@ -104,10 +110,10 @@ you can add more replicas to your DTR cluster. Adding more replicas allows you to load-balance requests across all replicas, and keep DTR working if a replica fails. -For high-availability you should set 3, 5, or 7 DTR replicas. The nodes where -you're going to install these replicas also need to be managed by UCP. +For high-availability, you should set 3 or 5 DTR replicas. The replica nodes also need +to be managed by the same UCP. -To add replicas to a DTR cluster, use the `docker/dtr join` command: +To add replicas to a DTR cluster, use the [join](/reference/dtr/2.7/cli/join/) command: 1. Load your [UCP user bundle](/ee/ucp/user-access/cli/#use-client-certificates). @@ -128,14 +134,14 @@ To add replicas to a DTR cluster, use the `docker/dtr join` command: > --ucp-node > - > The following the --ucp-node flag is the target node to + > The `` following the `--ucp-node` flag is the target node to > install the DTR replica. This is NOT the UCP Manager URL. {: .important} 3. Check that all replicas are running. - In your browser, navigate to the Docker **Universal Control Plane** - web interface, and navigate to **Shared Resources > Stacks**. All replicas should + In your browser, navigate to UCP's + web interface. Select **Shared Resources > Stacks**. All replicas should be displayed. ![](../../images/install-dtr-6.png){: .with-border} diff --git a/ee/dtr/images/install-dtr-2.png b/ee/dtr/images/install-dtr-2.png index 3c8234b214..b475565382 100644 Binary files a/ee/dtr/images/install-dtr-2.png and b/ee/dtr/images/install-dtr-2.png differ diff --git a/ee/dtr/images/install-dtr-6.png b/ee/dtr/images/install-dtr-6.png index 340a4615c4..76d64e2893 100644 Binary files a/ee/dtr/images/install-dtr-6.png and b/ee/dtr/images/install-dtr-6.png differ diff --git a/ee/dtr/images/scheduling-options.png b/ee/dtr/images/scheduling-options.png new file mode 100644 index 0000000000..5f84a0ae53 Binary files /dev/null and b/ee/dtr/images/scheduling-options.png differ diff --git a/ee/ucp/admin/install/index.md b/ee/ucp/admin/install/index.md index 5fece24ed2..3b5ef349e4 100644 --- a/ee/ucp/admin/install/index.md +++ b/ee/ucp/admin/install/index.md @@ -83,6 +83,11 @@ To install UCP: >[Install an unmanaged CNI plugin](/ee/ucp/kubernetes/install-cni-plugin/). {: important} +3. Turn off scheduling on UCP managers and DTR nodes since it is on by default. Workloads cannot be run on manager nodes. +Make sure all options shown in the following screen shot are unchecked: + + ![Scheduling options](../../images/scheduling-options.png){: .with-border} + ## Step 5: License your installation Now that UCP is installed, you need to license it. To use UCP you are required to have a Docker EE standard or advanced subscription, or you can test the platform with a free trial license. diff --git a/ee/ucp/images/scheduling-options.png b/ee/ucp/images/scheduling-options.png new file mode 100644 index 0000000000..5f84a0ae53 Binary files /dev/null and b/ee/ucp/images/scheduling-options.png differ