From ea6566d511e0b5cdb936c4f4bf8e16c6154931c9 Mon Sep 17 00:00:00 2001 From: French Ben Date: Wed, 18 Jan 2017 10:55:09 -0800 Subject: [PATCH 1/6] Updated docs to remove beta and stable link Signed-off-by: French Ben --- _data/toc.yaml | 2 + docker-for-aws/faqs.md | 2 +- docker-for-aws/iam-permissions.md | 313 ++++++++++++++++++++++++++++++ docker-for-aws/index.md | 13 +- docker-for-aws/release-notes.md | 13 +- docker-for-aws/upgrade.md | 8 +- docker-for-azure/faqs.md | 20 +- docker-for-azure/release-notes.md | 19 +- docker-for-azure/upgrade.md | 10 +- 9 files changed, 356 insertions(+), 44 deletions(-) create mode 100644 docker-for-aws/iam-permissions.md diff --git a/_data/toc.yaml b/_data/toc.yaml index c5d002c5c33..91869804a21 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -69,6 +69,8 @@ toc: section: - path: /docker-for-aws/ title: Setup & Prerequisites + - path: /docker-for-aws/iam-permissions/ + title: IAM Permissions - path: /docker-for-aws/scaling/ title: Scaling - path: /docker-for-aws/upgrade/ diff --git a/docker-for-aws/faqs.md b/docker-for-aws/faqs.md index f99e2f015c6..c15082ae7f6 100644 --- a/docker-for-aws/faqs.md +++ b/docker-for-aws/faqs.md @@ -75,7 +75,7 @@ _Please note that your output will be slightly different from the above, dependi ## Analytics -The beta versions of Docker for AWS and Azure send anonymized analytics to Docker. These analytics are used to monitor beta adoption and are critical to improve Docker for AWS and Azure. +Docker for AWS sends anonymized minimal analytics to Docker (heartbeat). These analytics are used to monitor adoption and are critical to improve Docker for AWS. ## How to run administrative commands? diff --git a/docker-for-aws/iam-permissions.md b/docker-for-aws/iam-permissions.md new file mode 100644 index 00000000000..03604e58139 --- /dev/null +++ b/docker-for-aws/iam-permissions.md 
@@ -0,0 +1,313 @@
+---
+description: IAM permissions
+keywords: aws iam permissions
+title: Docker for AWS IAM permissions
+---
+
+Here is a list of IAM permissions that are required in order to use Docker for AWS.
+
+If you want to deploy Docker for AWS, your account will need to have these permission, or else the stack will not
+deploy correctly. It is possible to create an IAM role with these permissions, and use that role when creating the
+stack, and CloudFormation will use the role's permissions instead of your own. This feature is called [AWS CloudFormation Service Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html?icmpid=docs_cfn_console)
+follow the link for more information.
+
+```
+{% raw %}
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "Stmt1481924239005",
+ "Effect": "Allow",
+ "Action": [
+ "cloudformation:CancelUpdateStack",
+ "cloudformation:ContinueUpdateRollback",
+ "cloudformation:CreateChangeSet",
+ "cloudformation:CreateStack",
+ "cloudformation:CreateUploadBucket",
+ "cloudformation:DeleteStack",
+ "cloudformation:DescribeAccountLimits",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResource",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:DescribeStacks",
+ "cloudformation:EstimateTemplateCost",
+ "cloudformation:ExecuteChangeSet",
+ "cloudformation:GetStackPolicy",
+ "cloudformation:GetTemplate",
+ "cloudformation:GetTemplateSummary",
+ "cloudformation:ListChangeSets",
+ "cloudformation:ListStackResources",
+ "cloudformation:ListStacks",
+ "cloudformation:PreviewStackUpdate",
+ "cloudformation:SetStackPolicy",
+ "cloudformation:SignalResource",
+ "cloudformation:UpdateStack",
+ "cloudformation:ValidateTemplate"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924344000",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AllocateHosts",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:AssociateRouteTable",
+ "ec2:AttachInternetGateway",
+ "ec2:AttachNetworkInterface",
+ "ec2:AttachVolume",
+ "ec2:CreateInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreateNetworkAcl",
+ "ec2:CreateNetworkAclEntry",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSubnet",
+ "ec2:CreateTags",
+ "ec2:CreateVolume",
+ "ec2:CreateVpc",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteNatGateway",
+ "ec2:DeleteNetworkAcl",
+ "ec2:DeleteNetworkAclEntry",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DeleteRoute",
+ "ec2:DeleteRouteTable",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSubnet",
+ "ec2:DeleteTags",
+ "ec2:DeleteVolume",
+ "ec2:DeleteVpc",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeHosts",
+ "ec2:DescribeImageAttribute",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstanceStatus",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeRegions",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags",
+ "ec2:DescribeVolumeAttribute",
+ "ec2:DescribeVolumeStatus",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcs",
+ "ec2:DetachInternetGateway",
+ "ec2:DetachNetworkInterface",
+ "ec2:DetachVolume",
+ "ec2:DisassociateAddress",
+ "ec2:DisassociateRouteTable",
+ "ec2:GetConsoleOutput",
+ "ec2:GetConsoleScreenshot",
+ "ec2:ModifyVpcAttribute",
+ "ec2:RebootInstances",
+ "ec2:ReleaseAddress",
+ "ec2:ReleaseHosts",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:RunInstances",
+ "ec2:StartInstances",
+ "ec2:StopInstances",
+ "ec2:TerminateInstances"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924651000",
+ "Effect": "Allow",
+ "Action": [
+ "autoscaling:AttachInstances",
+ "autoscaling:AttachLoadBalancers",
+ "autoscaling:CompleteLifecycleAction",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:CreateLaunchConfiguration",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteLaunchConfiguration",
+ "autoscaling:DeleteLifecycleHook",
+ "autoscaling:DeleteNotificationConfiguration",
+ "autoscaling:DeletePolicy",
+ "autoscaling:DeleteScheduledAction",
+ "autoscaling:DeleteTags",
+ "autoscaling:DescribeAccountLimits",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeAutoScalingNotificationTypes",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeLifecycleHookTypes",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribeLoadBalancers",
+ "autoscaling:DescribeScalingActivities",
+ "autoscaling:DescribeTags",
+ "autoscaling:DetachInstances",
+ "autoscaling:DetachLoadBalancers",
+ "autoscaling:DisableMetricsCollection",
+ "autoscaling:EnableMetricsCollection",
+ "autoscaling:EnterStandby",
+ "autoscaling:ExecutePolicy",
+ "autoscaling:ExitStandby",
+ "autoscaling:PutLifecycleHook",
+ "autoscaling:PutNotificationConfiguration",
+ "autoscaling:PutScalingPolicy",
+ "autoscaling:PutScheduledUpdateGroupAction",
+ "autoscaling:RecordLifecycleActionHeartbeat",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:SetDesiredCapacity",
+ "autoscaling:SetInstanceHealth",
+ "autoscaling:SetInstanceProtection",
+ "autoscaling:SuspendProcesses",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924759004",
+ "Effect": "Allow",
+ "Action": [
+ "dynamodb:CreateTable",
+ "dynamodb:DeleteItem",
+ "dynamodb:DeleteTable",
+ "dynamodb:DescribeTable",
+ "dynamodb:GetItem",
+ "dynamodb:ListTables",
+ "dynamodb:PutItem",
+ "dynamodb:Query",
+ "dynamodb:UpdateItem",
+ "dynamodb:UpdateTable"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924854000",
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DeleteLogGroup",
+ "logs:DeleteLogStream",
+ "logs:DescribeLogGroups",
+ "logs:GetLogEvents",
+ "logs:PutLogEvents",
+ "logs:PutRetentionPolicy"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924989003",
+ "Effect": "Allow",
+ "Action": [
+ "sqs:ChangeMessageVisibility",
+ "sqs:CreateQueue",
+ "sqs:DeleteMessage",
+ "sqs:DeleteQueue",
+ "sqs:GetQueueAttributes",
+ "sqs:GetQueueUrl",
+ "sqs:ListQueues",
+ "sqs:ReceiveMessage",
+ "sqs:SendMessage",
+ "sqs:SetQueueAttributes"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924989002",
+ "Effect": "Allow",
+ "Action": [
+ "iam:AddRoleToInstanceProfile",
+ "iam:CreateInstanceProfile",
+ "iam:CreateRole",
+ "iam:DeleteInstanceProfile",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:GetRole",
+ "iam:PassRole",
+ "iam:PutRolePolicy",
+ "iam:RemoveRoleFromInstanceProfile"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Sid": "Stmt1481924989001",
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+ "elasticloadbalancing:AttachLoadBalancerToSubnets",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateLoadBalancerListeners",
+ "elasticloadbalancing:CreateLoadBalancerPolicy",
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeleteLoadBalancerListeners",
+ "elasticloadbalancing:DeleteLoadBalancerPolicy",
+ "elasticloadbalancing:DeleteRule",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:DeregisterTargets",
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
+ "elasticloadbalancing:DescribeLoadBalancerPolicies",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeTags",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:DetachLoadBalancerFromSubnets",
+ "elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer",
+ "elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:ModifyRule",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:RemoveTags",
+ "elasticloadbalancing:SetLoadBalancerListenerSSLCertificate",
+ "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
+ "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
+ "elasticloadbalancing:SetRulePriorities",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets"
+ ],
+ "Resource": [
+ "*"
+ ]
+ }
+ ]
+}
+{% endraw %}
+```
diff --git a/docker-for-aws/index.md b/docker-for-aws/index.md
index 599396293e1..c254527fcf5 100644
--- a/docker-for-aws/index.md
+++ b/docker-for-aws/index.md
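Review bot: The `iam:` statement (Sid `Stmt1481924989002`) in the new `iam-permissions.md` policy grants `iam:CreateRole`, `iam:PutRolePolicy` and `iam:PassRole` on `"Resource": ["*"]`, so any principal holding this policy can define a role with permissions of its own choosing and attach it to an instance; the page presents the list as ordinary prerequisites without saying that it is close to an administrator-equivalent grant. I would add a sentence above the policy recommending that it be attached to a dedicated CloudFormation service role (the feature the intro already links to) rather than to user accounts, and that the IAM statement's `Resource` be narrowed where possible to the roles and instance profiles the stack creates, e.g. `"arn:aws:iam::<ACCOUNT_ID>:role/<STACK_NAME>-*"` (placeholder values). The same `"*"` resource appears in all eight statements, so the sentence should cover them as well. Separately, the `ec2:` list contains `ec2:RevokeSecurityGroupIngress` and `ec2:RevokeSecurityGroupEgress` but no matching `Authorize*` actions, which looks like an omission if the template adds security-group rules; worth confirming against the template.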
@@ -7,18 +7,19 @@ redirect_from: - /engine/installation/amazon/ --- + ## Prerequisites -- Access to an AWS account with permissions to use CloudFormation and creating the following objects +- Access to an AWS account with permissions to use CloudFormation and creating the following objects. [Full set of required permissions](iam-permissions.md). - EC2 instances + Auto Scaling groups - IAM profiles - DynamoDB Tables - SQS Queue - - VPC + subnets + - VPC + subnets and security groups - ELB - CloudWatch Log Group - SSH key in AWS in the region where you want to deploy (required to access the completed Docker install) -- AWS account that support EC2-VPC (See the [FAQ for details about EC2-Classic](../faq/aws.md)) +- AWS account that support EC2-VPC (See the [FAQ for details about EC2-Classic](faqs.md)) For more information about adding an SSH key pair to your account, please refer to the [Amazon EC2 Key Pairs docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) @@ -38,7 +39,7 @@ The EC2 instance type for your worker nodes. The EC2 instance type for your manager nodes. The larger your swarm, the larger the instance size you should use. #### ClusterSize -The number of workers you want in your swarm (1-1000). +The number of workers you want in your swarm (0-1000). #### ManagerSize The number of Managers in your swarm. You can pick either 1, 3 or 5 managers. We only recommend 1 manager for testing and dev setups. There are no failover guarantees with 1 manager — if the single manager fails the swarm will go down as well. Additionally, upgrading single-manager swarms is not currently guaranteed to succeed. 
@@ -81,7 +82,7 @@ Go to the [Release Notes](release-notes.md) page, and click on the "launch stack You can also invoke the Docker for AWS CloudFormation template from the AWS CLI: Here is an example of how to use the CLI. Make sure you populate all of the parameters and their values: -``` +```bash $ aws cloudformation create-stack --stack-name teststack --template-url --parameters ParameterKey=KeyName,ParameterValue= ParameterKey=InstanceType,ParameterValue=t2.micro ParameterKey=ManagerInstanceType,ParameterValue=t2.micro ParameterKey=ClusterSize,ParameterValue=1 --capabilities CAPABILITY_IAM ``` 
@@ -91,7 +92,7 @@ To fully automate installs, you can use the [AWS Cloudformation API](http://docs Docker for AWS starts with a CloudFormation template that will create everything that you need from scratch. There are only a few prerequisites that are listed above. -It first starts off by creating a new VPC along with subnets and security groups. Once the networking is set up, it will create two Auto Scaling Groups, one for the managers and one for the workers, and set the desired capacity that was selected in the CloudFormation setup form. The managers will start up first and create a Swarm manager quorum using Raft. The workers will then start up and join the swarm one by one, until all of the workers are up and running. At this point you will have x number of managers and y number of workers in your swarm, that are ready to handle your application deployments. See the [deployment](../deploy.md) docs for your next steps. +It first starts off by creating a new VPC along with subnets and security groups. Once the networking is set up, it will create two Auto Scaling Groups, one for the managers and one for the workers, and set the desired capacity that was selected in the CloudFormation setup form. The managers will start up first and create a Swarm manager quorum using Raft. The workers will then start up and join the swarm one by one, until all of the workers are up and running. At this point you will have x number of managers and y number of workers in your swarm, that are ready to handle your application deployments. See the [deployment](deploy.md) docs for your next steps. If you increase the number of instances running in your worker Auto Scaling Group (via the AWS console, or updating the CloudFormation configuration), the new nodes that will start up will automatically join the swarm. diff --git a/docker-for-aws/release-notes.md b/docker-for-aws/release-notes.md index 8e5fb9c91ca..64d581f4592 100644 --- a/docker-for-aws/release-notes.md 
+++ b/docker-for-aws/release-notes.md @@ -4,17 +4,24 @@ keywords: aws, amazon, iaas, release title: Docker for AWS Release Notes --- +## 1.13.0-1 +Release date: 1/18/2017 + +![Docker for AWS](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png) + +### New +- Docker Engine upgraded to [Docker 1.13.0](https://github.com/docker/docker/blob/master/CHANGELOG.md) +- Change ELB health check from TCP to HTTP + ## 1.13.0-rc3-beta13 Release date: 12/06/2016 -![Docker for AWS](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png) - ### New - Docker Engine upgraded to [Docker 1.13.0-rc3](https://github.com/docker/docker/blob/master/CHANGELOG.md) - New option to decide if you want to send container logs to CloudWatch. (previously it was always on) - SSH access has been added to the worker nodes - The Docker daemon no longer listens on port 2375 -- Added a `swarm-exec` to execute a docker command across all of the swarm nodes. See [Executing Docker commands in all swarm nodes](../deploy#execute-docker-commands-in-all-swarm-nodes) for more details. +- Added a `swarm-exec` to execute a docker command across all of the swarm nodes. See [Executing Docker commands in all swarm nodes](deploy.md#execute-docker-commands-in-all-swarm-nodes) for more details. ## 1.13.0-rc2-beta12 Release date: 11/23/2016 diff --git a/docker-for-aws/upgrade.md b/docker-for-aws/upgrade.md index 4d619ce0ea1..e06917607e1 100644 --- a/docker-for-aws/upgrade.md +++ b/docker-for-aws/upgrade.md 
@@ -4,22 +4,20 @@ keywords: aws, amazon, iaas, tutorial title: Docker for AWS Upgrades --- -Docker for AWS has support upgrading from one beta version to the next. Upgrades are done by applying a new version of the AWS Cloudformation template that powers Docker for Azure. Depending on changes in the next version, an upgrade involves: +Upgrades are done by applying a new version of the AWS Cloudformation template that powers Docker for Azure. Depending on changes in the next version, an upgrade involves: * Changing the AMI backing manager and worker nodes (the Docker engine ships in the AMI) * Upgrading service containers * Changing the resource setup in the VPC that hosts Docker for AWS -To be notified of updates, submit your email address at [https://beta.docker.com/](https://beta.docker.com/). - ## Prerequisites * We recommend only attempting upgrades of swarms with at least 3 managers. A 1-manager swarm may not be able to maintain quorum during the upgrade - * Upgrades are only supported from one version to the next version, for example beta-11 to beta-12. Skipping a version during an upgrade is not supported. For example, upgrading from beta-10 to beta-12 is not supported. Downgrades are not tested. + * Upgrades are only supported from one version to the next version. Skipping a version during an upgrade is not supported. Downgrades are not tested. ## Upgrading -If you submit your email address at [https://beta.docker.com/](beta.docker.com) Docker will notify you of new releases by email. New releases are also posted on the [Release Notes](https://beta.docker.com/docs/aws/release-notes/) page. +New releases are also posted on the [Release Notes](release-notes.md) page. To initiate an update, use either the AWS Console of the AWS cli to initiate a stack update. Use the S3 template URL for the new release and complete the update wizard. This will initiate a rolling upgrade of the Docker swarm, and service state will be maintained during and after the upgrade. 
Appropriately scaled services should not experience downtime during an upgrade. diff --git a/docker-for-azure/faqs.md b/docker-for-azure/faqs.md index 44c2cda0b31..77c6c96a330 100644 --- a/docker-for-azure/faqs.md +++ b/docker-for-azure/faqs.md @@ -4,24 +4,6 @@ keywords: azure faqs title: Docker for Azure Frequently asked questions (FAQ) --- -## How long will it take before I get accepted into the Docker for Azure private beta? - -Docker for Azure is built on top of Docker 1.13, but as with all Beta, things are still changing, which means things can break between release candidates. - -We are currently rolling it out slowly to make sure everything is working as it should. This is to ensure that if there are any issues we limit the number of people that are affected. - -## Why do you need my Azure Subscription ID? - -We are using a private custom VHD, and in order to give you access to this VHD, we need your Azure Subscription ID. - -## How do I find my Azure Subscription ID? - -You can find this information your Azure Portal Subscription. For more info, look at the directions on [this page](../index.md). - -## I use more than one Azure Subscription ID, how do I get access to all of them. - -Use the beta sign up form, and put the subscription ID that you need to use most there. Then email us with your information and your other Azure Subscription ID, and we will do our best to add those accounts as well. But due to the large amount of requests, it might take a while before those subscriptions to get added, so be sure to include the important one in the sign up form, so at least you will have that one. - ## Can I use my own VHD? No, at this time we only support the default Docker for Azure VHD. 
@@ -53,7 +35,7 @@ _Please note that your output will be slightly different from the above, dependi ## Analytics -The beta versions of Docker for AWS and Azure send anonymized analytics to Docker. These analytics are used to monitor beta adoption and are critical to improve Docker for AWS and Azure. +Docker for Azure sends anonymized minimal analytics to Docker (heartbeat). These analytics are used to monitor adoption and are critical to improve Docker for Azure. ## How to run administrative commands? diff --git a/docker-for-azure/release-notes.md b/docker-for-azure/release-notes.md index df4298c9c17..4341cd8e816 100644 --- a/docker-for-azure/release-notes.md +++ b/docker-for-azure/release-notes.md 
@@ -4,18 +4,29 @@ keywords: azure, microsoft, iaas, tutorial title: Docker for Azure Release Notes --- +## 1.13.0-1 +Release date: 1/18/2017 + +![Docker for Azure](http://azuredeploy.net/deploybutton.png) + +### New + +- Docker Engine upgraded to [Docker 1.13.0](https://github.com/docker/docker/blob/master/CHANGELOG.md) +- Writing to home directory no longer requires `sudo` +- Added support to perform fine grained monitoring of health status of swarm nodes, destroy unhealthy nodes and create replacement nodes +- Added support to scale the number of nodes in manager and worker vm scale sets through Azure UI/CLI for managing the number of nodes in a scale set +- Improved logging and remote diagnostics mechanisms for system containers + ## 1.13.0-beta12 Release date: 12/09/2016 -![Docker for Azure](http://azuredeploy.net/deploybutton.png) - ### New - Docker Engine upgraded to [Docker 1.13.0-rc2](https://github.com/docker/docker/blob/master/CHANGELOG.md) - SSH access has been added to the worker nodes - The Docker daemon no longer listens on port 2375 -- Added a `swarm-exec` to execute a docker command across all of the swarm nodes. See [Executing Docker commands in all swarm nodes](../deploy#execute-docker-commands-in-all-swarm-nodes) for more details. +- Added a `swarm-exec` to execute a docker command across all of the swarm nodes. See [Executing Docker commands in all swarm nodes](deploy.md#execute-docker-commands-in-all-swarm-nodes) for more details. ## 1.12.3-beta10 
@@ -30,7 +41,7 @@ This could have led to a potential man in the middle (MITM) attack. The ssh host - The SSH ELB for SSH'ing into the managers has been removed because it is no longer possible to SSH into the managers without getting a security warning - Multiple managers can be deployed - All container logs can be found in the `xxxxlog` storage account -- Each Manager can be SSH'd into by following our deploy [guide](../deploy) +- Each Manager can be SSH'd into by following our deploy [guide](deploy.md) ## 1.12.2-beta9 diff --git a/docker-for-azure/upgrade.md b/docker-for-azure/upgrade.md index 4874ba6ece2..8c437ba4d68 100644 --- a/docker-for-azure/upgrade.md +++ b/docker-for-azure/upgrade.md 
@@ -4,24 +4,22 @@ keywords: azure, microsoft, iaas, tutorial title: Docker for Azure Upgrades --- -Docker for Azure supports upgrading from one beta version to the next. Upgrades are done by applying a new version of the Azure ARM template that powers Docker for Azure. An upgrade of Docker for Azure involves: +Docker for Azure supports upgrading from one version to the next. Upgrades are done by applying a new version of the Azure ARM template that powers Docker for Azure. An upgrade of Docker for Azure involves: * Upgrading the VHD backing the manager and worker nodes (the Docker engine ships in the VHD) * Upgrading service containers in the manager and worker nodes * Changing any other resources in the Azure Resource Group that hosts Docker for Azure -To be notified of updates, submit your email address at [https://beta.docker.com/](https://beta.docker.com/). ## Prerequisites * We recommend only attempting upgrades of swarms with at least 3 managers. A 1-manager swarm may not be able to maintain quorum during the upgrade - * Upgrades are only supported from one version to the next version, for example beta-13 to beta-14. Skipping a version during an upgrade is not supported. Downgrades are not tested. - * Please make sure there are no nodes in the swarm in "down" status. If there are such nodes in the swarm, please remove them from the swarm using - docker node rm node-id + * Upgrades are only supported from one version to the next version. Skipping a version during an upgrade is not supported. Downgrades are not tested. + * Please make sure there are no nodes in the swarm in "down" status. If there are such nodes in the swarm, please remove them from the swarm using docker node rm node-id ## Upgrading -If you submit your email address at [https://beta.docker.com/](beta.docker.com) Docker will notify you of new releases by email. New releases are also posted on the [Release Notes](https://beta.docker.com/docs/azure/release-notes/) page. 
+New releases are also posted on the [Release Notes](release-notes.md) page. To initiate an upgrade, SSH into a manager node and issue the following command: From de10cf4b1f6652fe71d8230b1c445e6d01fc6e58 Mon Sep 17 00:00:00 2001 From: French Ben Date: Wed, 18 Jan 2017 11:31:00 -0800 Subject: [PATCH 2/6] Fixed wording and added log details Signed-off-by: French Ben --- docker-for-aws/faqs.md | 4 ++++ docker-for-aws/iam-permissions.md | 9 +++++---- docker-for-aws/index.md | 2 +- docker-for-aws/upgrade.md | 6 +++--- docker-for-azure/faqs.md | 4 ++++ docker-for-azure/release-notes.md | 2 +- docker-for-azure/upgrade.md | 8 ++++---- 7 files changed, 22 insertions(+), 13 deletions(-) diff --git a/docker-for-aws/faqs.md b/docker-for-aws/faqs.md index c15082ae7f6..25f20cfcf8b 100644 --- a/docker-for-aws/faqs.md +++ b/docker-for-aws/faqs.md @@ -55,6 +55,10 @@ All of Amazons regions have at least 2 AZ's, and some have more. To make sure Do As part of the prerequisites, you need to have an SSH key uploaded to the AWS region you are trying to deploy to. For more information about adding an SSH key pair to your account, please refer to the [Amazon EC2 Key Pairs docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) +## Where are my container logs? + +All container logs are aggregated within [AWS CloudWatch](https://aws.amazon.com/cloudwatch/). + ## I have a problem/bug where do I report it? Send an email to or post to the [Docker for AWS](https://github.com/docker/for-aws) GitHub repositories. diff --git a/docker-for-aws/iam-permissions.md b/docker-for-aws/iam-permissions.md index 03604e58139..3db214edbf7 100644 --- a/docker-for-aws/iam-permissions.md +++ b/docker-for-aws/iam-permissions.md 
@@ -4,11 +4,12 @@ keywords: aws iam permissions title: Docker for AWS IAM permissions --- -Here is a list of IAM permissions that are required in order to use Docker for AWS. +The following IAM permissions are required to use Docker for AWS. -If you want to deploy Docker for AWS, your account will need to have these permission, or else the stack will not -deploy correctly. It is possible to create an IAM role with these permissions, and use that role when creating the -stack, and CloudFormation will use the role's permissions instead of your own. This feature is called [AWS CloudFormation Service Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html?icmpid=docs_cfn_console) +Before you deploy Docker for AWS, your account needs these permissions for the stack to deploy correctly. +If you create and use an IAM role with these permissions for creating the stack, CloudFormation will use the role's permissions instead of your own, using the AWS CloudFormation Service Role feature. + +This feature is called [AWS CloudFormation Service Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html?icmpid=docs_cfn_console) follow the link for more information. ``` diff --git a/docker-for-aws/index.md b/docker-for-aws/index.md index c254527fcf5..152d6c1f19f 100644 --- a/docker-for-aws/index.md +++ b/docker-for-aws/index.md 
@@ -92,7 +92,7 @@ To fully automate installs, you can use the [AWS Cloudformation API](http://docs Docker for AWS starts with a CloudFormation template that will create everything that you need from scratch. There are only a few prerequisites that are listed above. -It first starts off by creating a new VPC along with subnets and security groups. Once the networking is set up, it will create two Auto Scaling Groups, one for the managers and one for the workers, and set the desired capacity that was selected in the CloudFormation setup form. The managers will start up first and create a Swarm manager quorum using Raft. The workers will then start up and join the swarm one by one, until all of the workers are up and running. At this point you will have x number of managers and y number of workers in your swarm, that are ready to handle your application deployments. See the [deployment](deploy.md) docs for your next steps. +The CloudFormation template first creates a new VPC along with subnets and security groups. After the networking set-up completes, two Auto Scaling Groups are created, one for the managers and one for the workers, and the configured capacity setting is applied. Managers start first and create a quorum using Raft, then the workers start and join the swarm one at a time. At this point, the swarm is comprised of X number of managers and Y number of workers, and you can deploy your applications. See the [deployment](deploy.md) docs for your next steps. If you increase the number of instances running in your worker Auto Scaling Group (via the AWS console, or updating the CloudFormation configuration), the new nodes that will start up will automatically join the swarm. diff --git a/docker-for-aws/upgrade.md b/docker-for-aws/upgrade.md index e06917607e1..c7f466c9b6e 100644 --- a/docker-for-aws/upgrade.md +++ b/docker-for-aws/upgrade.md 
@@ -4,7 +4,7 @@ keywords: aws, amazon, iaas, tutorial title: Docker for AWS Upgrades --- -Upgrades are done by applying a new version of the AWS Cloudformation template that powers Docker for Azure. Depending on changes in the next version, an upgrade involves: +To upgrade, apply a new version of the AWS Cloudformation template that powers Docker for Azure. Depending on changes in the next version, an upgrade involves: * Changing the AMI backing manager and worker nodes (the Docker engine ships in the AMI) * Upgrading service containers @@ -13,11 +13,11 @@ Upgrades are done by applying a new version of the AWS Cloudformation template t ## Prerequisites * We recommend only attempting upgrades of swarms with at least 3 managers. A 1-manager swarm may not be able to maintain quorum during the upgrade - * Upgrades are only supported from one version to the next version. Skipping a version during an upgrade is not supported. Downgrades are not tested. + * You can only upgrade one version at a time. Skipping a version during an upgrade is not supported. Downgrades are not tested. ## Upgrading -New releases are also posted on the [Release Notes](release-notes.md) page. +New releases are announced on [Release Notes](release-notes.md) page. To initiate an update, use either the AWS Console of the AWS cli to initiate a stack update. Use the S3 template URL for the new release and complete the update wizard. This will initiate a rolling upgrade of the Docker swarm, and service state will be maintained during and after the upgrade. Appropriately scaled services should not experience downtime during an upgrade. diff --git a/docker-for-azure/faqs.md b/docker-for-azure/faqs.md index 77c6c96a330..8bdac423245 100644 --- a/docker-for-azure/faqs.md +++ b/docker-for-azure/faqs.md 
@@ -15,6 +15,10 @@ Not at this time, but it is on our roadmap for future releases.
 Docker for Azure should work with all supported Azure Marketplace regions.
+## Where are my container logs?
+
+All container logs are aggregated within the `xxxxlog` storage account.
+
 ## I have a problem/bug where do I report it?
 Send an email to or post to the [Docker for Azure](https://github.com/docker/for-azure) GitHub repositories.
diff --git a/docker-for-azure/release-notes.md b/docker-for-azure/release-notes.md
index 4341cd8e816..8c24cdd7f1a 100644
--- a/docker-for-azure/release-notes.md
+++ b/docker-for-azure/release-notes.md
@@ -41,7 +41,7 @@ This could have led to a potential man in the middle (MITM) attack. The ssh host
 - The SSH ELB for SSH'ing into the managers has been removed because it is no longer possible to SSH into the managers without getting a security warning
 - Multiple managers can be deployed
 - All container logs can be found in the `xxxxlog` storage account
-- Each Manager can be SSH'd into by following our deploy [guide](deploy.md)
+- You can connect to each manager using SSH by following our deploy [guide](deploy.md)
 ## 1.12.2-beta9
diff --git a/docker-for-azure/upgrade.md b/docker-for-azure/upgrade.md
index 8c437ba4d68..a6ed6af21a6 100644
--- a/docker-for-azure/upgrade.md
+++ b/docker-for-azure/upgrade.md
@@ -4,7 +4,7 @@ keywords: azure, microsoft, iaas, tutorial
 title: Docker for Azure Upgrades
 ---
-Docker for Azure supports upgrading from one version to the next. Upgrades are done by applying a new version of the Azure ARM template that powers Docker for Azure. An upgrade of Docker for Azure involves:
+Docker for Azure supports upgrading from one version to the next. To upgrade, apply a new version of the Azure ARM template that powers Docker for Azure. An upgrade of Docker for Azure involves:
 * Upgrading the VHD backing the manager and worker nodes (the Docker engine ships in the VHD)
 * Upgrading service containers in the manager and worker nodes
@@ -14,12 +14,12 @@ Docker for Azure supports upgrading from one version to the next. Upgrades are d
 ## Prerequisites
 * We recommend only attempting upgrades of swarms with at least 3 managers. A 1-manager swarm may not be able to maintain quorum during the upgrade
- * Upgrades are only supported from one version to the next version. Skipping a version during an upgrade is not supported. Downgrades are not tested.
- * Please make sure there are no nodes in the swarm in "down" status. If there are such nodes in the swarm, please remove them from the swarm using docker node rm node-id
+ * You can only upgrade one version at a time. Skipping a version during an upgrade is not supported. Downgrades are not tested.
+ * Ensure there are no nodes in the swarm in "down" status. If there are such nodes in the swarm, please remove them from the swarm using `docker node rm node-id`
 ## Upgrading
-New releases are also posted on the [Release Notes](release-notes.md) page.
+New releases are announced on the [Release Notes](release-notes.md) page.
 To initiate an upgrade, SSH into a manager node and issue the following command:
From ed9202a41d6c540db933da17fb514316f7cfb1bc Mon Sep 17 00:00:00 2001
From: French Ben
Date: Wed, 18 Jan 2017 14:02:27 -0800
Subject: [PATCH 3/6] Added info about sp-options
Signed-off-by: French Ben
---
 docker-for-azure/index.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/docker-for-azure/index.md b/docker-for-azure/index.md
index 9034389d12e..dc305bc7036 100644
--- a/docker-for-azure/index.md
+++ b/docker-for-azure/index.md
@@ -34,21 +34,26 @@ The number of workers you want in your swarm (1-100).
 ### Service Principal
 To set up Docker for Azure, a [Service Principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) is required. Docker for Azure uses the principal to operate Azure APIs as you scale up and down or deploy apps on your swarm. Docker provides a containerized helper-script to help create the Service Principal:
-
- docker run -ti docker4x/create-sp-azure sp-name
+```
+ docker run -ti docker4x/create-sp-azure sp-name rg-name rg-region
 ...
 Your access credentials
 =============================
 AD App ID:
 AD App Secret:
 AD Tenant ID:
+```
 If you have multiple Azure subscriptions, make sure you're creating the Service Principal with subscription ID that you shared with Docker when signing up for the beta.
-`sp-name` is the name of the authentication app that the script creates with Azure. The name is not important, simply choose something you'll recognize in the Azure portal.
+* `sp-name` is the name of the authentication app that the script creates with Azure. The name is not important, simply choose something you'll recognize in the Azure portal. Example: `sp1`.
+* `rg-name` is the name of the new resource group that will be created to deploy the resources (VMs, networks, storage accounts) associated with the swarm. The Service Principal will be scoped to this resource group. Example: `swarm1`.
+* `rg-region` is the name of Azure's region/location where the resource group will be created. This needs to be one of the regions supported by Azure e.g. `westus`, `centralus`, `eastus`.
+
+While `rg-name` and `rg-region` are optional, it's highly recommended that you create the resource group up front and scope the service principal to that specific resource group.
 If the script fails, it's typically because your Azure user account doesn't have sufficient privileges. Contact your Azure administrator.
-When setting up the ARM template, you will be prompted for the App ID (a UUID) and the app secret.
+When setting up the ARM template, you will be prompted for the App ID (a UUID) and the app secret. If you specified the resource group name and location parameters, please choose the option to deploy the template into an existing resource group and pass the same name and region/location that were passed above to create-sp-azure.
 ### SSH Key
From 3c37a19b98634fece4e8ed8395691025ab4d8e42 Mon Sep 17 00:00:00 2001
From: French Ben
Date: Wed, 18 Jan 2017 14:51:50 -0800
Subject: [PATCH 4/6] Added pull for the sp image
Signed-off-by: French Ben
---
 docker-for-azure/index.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/docker-for-azure/index.md b/docker-for-azure/index.md
index dc305bc7036..7d46501ba27 100644
--- a/docker-for-azure/index.md
+++ b/docker-for-azure/index.md
@@ -33,7 +33,11 @@ The number of workers you want in your swarm (1-100).
 ### Service Principal
-To set up Docker for Azure, a [Service Principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) is required. Docker for Azure uses the principal to operate Azure APIs as you scale up and down or deploy apps on your swarm. Docker provides a containerized helper-script to help create the Service Principal:
+To set up Docker for Azure, a [Service Principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) is required. Docker for Azure uses the principal to operate Azure APIs as you scale up and down or deploy apps on your swarm. Docker provides a containerized helper-script to help create the Service Principal - `docker4x/create-sp-azure`.
+
+Ensure the latest version of `docker4x/create-sp-azure` has been downloaded to your local environment: `docker pull docker4x/create-sp-azure:latest`
+
+Then run the sp-azure script with the following arguments:
 ```
 docker run -ti docker4x/create-sp-azure sp-name rg-name rg-region
 ...
From 6d3c643b4613b91cf49ffe5246896c7ec98f09c4 Mon Sep 17 00:00:00 2001
From: French Ben
Date: Wed, 18 Jan 2017 14:58:37 -0800
Subject: [PATCH 5/6] fixed broken images
Signed-off-by: French Ben
---
 docker-for-aws/deploy.md | 2 +-
 docker-for-aws/scaling.md | 6 +++---
 docker-for-aws/upgrade.md | 2 +-
 docker-for-azure/deploy.md | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docker-for-aws/deploy.md b/docker-for-aws/deploy.md
index 73511659ab2..44df2c333cf 100644
--- a/docker-for-aws/deploy.md
+++ b/docker-for-aws/deploy.md
@@ -23,7 +23,7 @@ the swarm in your AWS console. Once present on this page, you can see the "Public IP" of each manager node in the table and/or "Description" tab if you click on the instance.
-![](/img/managers.png)
+![](img/managers.png)
 ## Connecting via SSH
diff --git a/docker-for-aws/scaling.md b/docker-for-aws/scaling.md
index b2c67edbb6c..cbc9604c3f2 100644
--- a/docker-for-aws/scaling.md
+++ b/docker-for-aws/scaling.md
@@ -17,17 +17,17 @@ Login to the AWS console, and go to the EC2 dashboard. On the lower left hand si
 Look for the Auto Scaling group with the name that looks like $STACK_NAME-NodeASG-* Where `$STACK_NAME` is the name of the stack you created when filling out the CloudFormation template for Docker for AWS. Once you find it, click the checkbox, next to the name. Then Click on the "Edit" button on the lower detail pane.
-
+
 Change the "Desired" field to the size of the worker pool that you would like, and hit "Save".
-
+
 This will take a few minutes and add the new workers to your swarm automatically. To lower the number of workers back down, you just need to update "Desired" again, with the lower number, and it will shrink the worker pool until it reaches the new size.
 ### CloudFormation Update
 Go to the CloudFormation management page, and click the checkbox next to the stack you want to update. Then Click on the action button at the top, and select "Update Stack".
-
+
 Pick "Use current template", and then click "Next". Fill out the same parameters you have specified before, but this time, change your worker count to the new count, click "Next". Answer the rest of the form questions. CloudFormation will show you a preview of the changes it will make. Review the changes and if they look good, click "Update". CloudFormation will change the worker pool size to the new value you specified. It will take a few minutes (longer for a larger increase / decrease of nodes), but when complete you will have your swarm with the new worker pool size.
diff --git a/docker-for-aws/upgrade.md b/docker-for-aws/upgrade.md
index c7f466c9b6e..aa48893d8f4 100644
--- a/docker-for-aws/upgrade.md
+++ b/docker-for-aws/upgrade.md
@@ -21,7 +21,7 @@ New releases are announced on [Release Notes](release-notes.md) page.
 To initiate an update, use either the AWS Console of the AWS cli to initiate a stack update. Use the S3 template URL for the new release and complete the update wizard. This will initiate a rolling upgrade of the Docker swarm, and service state will be maintained during and after the upgrade. Appropriately scaled services should not experience downtime during an upgrade.
-![Upgrade in AWS console](/img/cloudformation_update.png)
+![Upgrade in AWS console](img/cloudformation_update.png)
 Note that single containers started (for example) with `docker run -d` are **not** preserved during an upgrade. This is because the're not Docker Swarm objects, but are known only to the individual Docker engines.
diff --git a/docker-for-azure/deploy.md b/docker-for-azure/deploy.md
index 3fdc2226e5f..6e50a19713e 100644
--- a/docker-for-azure/deploy.md
+++ b/docker-for-azure/deploy.md
@@ -18,13 +18,13 @@ node can be used for administrating the swarm.
 Once you've deployed Docker on Azure, go to the "Outputs" section of the resource group deployment.
-![](/img/sshtargets.png)
+![](img/sshtargets.png)
 The "SSH Targets" output is a URL to a blade that describes the IP address (common across all the manager nodes) and the SSH port (unique for each manager node) that you can use to log in to each manager node.
-![](/img/managers.png)
+![](img/managers.png)
 ## Connecting via SSH
From 6b63fa1a77f4695ea08154a43d98d5128e46eb29 Mon Sep 17 00:00:00 2001
From: Misty Stanley-Jones
Date: Wed, 18 Jan 2017 17:11:17 -0800
Subject: [PATCH 6/6] Fix codeblock hinting
---
 docker-for-aws/iam-permissions.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-for-aws/iam-permissions.md b/docker-for-aws/iam-permissions.md
index 3db214edbf7..26ba8d8cd3f 100644
--- a/docker-for-aws/iam-permissions.md
+++ b/docker-for-aws/iam-permissions.md
@@ -12,7 +12,7 @@ If you create and use an IAM role with these permissions for creating the stack,
 This feature is called [AWS CloudFormation Service Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html?icmpid=docs_cfn_console) follow the link for more information.
-```
+```none
 {% raw %}
 {
 "Version": "2012-10-17",