Merge branch 'master' of https://github.com/docker/docker.github.io

mrako · Apr 2, 2019 · a6ecbfd · a6ecbfd
2 parents 22cb3ed + 3cf34e8
commit a6ecbfd
Show file tree

Hide file tree

Showing 11 changed files with 30 additions and 33 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -89,4 +89,4 @@ pipeline {
       }
     }
   }
-}
+}
diff --git a/_data/toc.yaml b/_data/toc.yaml
@@ -1350,7 +1350,7 @@ manuals:
           - title: Specifying a routing mode
             path: /ee/ucp/interlock/usage/interlock-vip-mode/ 
           - title: Using routing labels
-            path: /ee/ucp/interlock/usage/labels-reference.md/ 
+            path: /ee/ucp/interlock/usage/labels-reference/ 
           - title: Implementing redirects
             path: /ee/ucp/interlock/usage/redirects/
           - title: Implementing a service cluster

diff --git a/compose/install.md b/compose/install.md
@@ -124,6 +124,10 @@ repository release page on GitHub](https://github.com/docker/compose/releases){:
 target="_blank" class="_"}. Follow the instructions from the link, which involve
 running the `curl` command in your terminal to download the binaries. These step-by-step instructions are also included below.
 
+> For `alpine`, the following dependency packages are needed:
+> `py-pip`, `python-dev`, `libffi-dev`, `openssl-dev`, `gcc`, `libc-dev`, and `make`.
+{: .important}
+
 1.  Run this command to download the current stable release of Docker Compose:
 
     ```bash
@@ -170,6 +174,10 @@ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
 
 #### Install using pip
 
+> For `alpine`, the following dependency packages are needed:
+> `py-pip`, `python-dev`, `libffi-dev`, `openssl-dev`, `gcc`, `libc-dev`, and `make`.
+{: .important}
+
 Compose can be installed from
 [pypi](https://pypi.python.org/pypi/docker-compose) using `pip`. If you install
 using `pip`, we recommend that you use a

diff --git a/ee/dtr/user/manage-images/sign-images/index.md b/ee/dtr/user/manage-images/sign-images/index.md
@@ -71,9 +71,8 @@ your image. In this example we've created the `prod/nginx` repository.
 
 As part of initiating the repository, we will add the public key of the UCP User
 as a signer. You will be asked for a number of passphrases to protect the keys.
-Please keep note of these passphrases, and to learn more about managing keys
-head to the Docker Content Trust documentation
-[here](/engine/security/trust/trust_delegation/#managing-delegations-in-a-notary-server).
+Make a note of these passphrases, and see [Managing Delegations in a Notary Server](/engine/security/trust/trust_delegation/#managing-delegations-in-a-notary-server) 
+to learn more about managing keys.
 
 
 ```bash
@@ -215,7 +214,7 @@ Administrative keys for dtr.example.com/prod/nginx:1
   Root Key:     b74854cb27cc25220ede4b08028967d1c6e297a759a6939dfef1ea72fbdd7b9a
 ```
 
-For more advanced use cases like this, more information can be found [here](/engine/security/trust/trust_delegation/) 
+For more advanced use cases like this, see [Delegations for content trust](/engine/security/trust/trust_delegation/).
 
 ## Delete trust data
 
@@ -243,4 +242,4 @@ but will not delete data from the Notary server.
 
 * [Automating Docker Content
   Trust](/engine/security/trust/trust_automation/)
-* [Using Docker Content Trust with a Remote UCP](./trust-with-remote-ucp.md)
+* [Using Docker Content Trust with a Remote UCP](./trust-with-remote-ucp/)
diff --git a/ee/dtr/user/manage-images/sign-images/trust-with-remote-ucp.md b/ee/dtr/user/manage-images/sign-images/trust-with-remote-ucp.md
@@ -9,7 +9,7 @@ redirect_from:
 For more advanced deployments, you may want to share one Docker Trusted Registry
 across multiple Universal Control Planes. However, customers wanting to adopt
 this model alongside the [Only Run Signed
-Images](../.../../ucp/admin/configure/run-only-the-images-you-trust.md) UCP feature, run into problems as each UCP operates an independent set of users.
+Images](/ee/ucp/admin/configure/run-only-the-images-you-trust.md) UCP feature, run into problems as each UCP operates an independent set of users.
 
 Docker Content Trust (DCT) gets around this problem, since users from
 a remote UCP are able to sign images in the central DTR and still apply runtime
@@ -27,7 +27,7 @@ cluster separately.
 > Before attempting this guide, familiarize yourself with [Docker Content
 > Trust](engine/security/trust/content_trust/#signing-images-with-docker-content-trust)
 > and [Only Run Signed
-> Images](../.../../ucp/admin/configure/run-only-the-images-you-trust.md) on a
+> Images](/ee/ucp/admin/configure/run-only-the-images-you-trust.md) on a
 > single UCP. Many of the concepts within this guide may be new without that
 > background. 
 
@@ -42,7 +42,7 @@ cluster separately.
 - The DTR TLS Certificate needs be properly configured, ensuring that the
   **Loadbalancer/Public Address** field has been configured, with this address
   included [within the
-  certificate](../../../admin/configure/use-your-own-tls-certificates/).
+  certificate](/ee/dtr/admin/configure/use-your-own-tls-certificates/).
 - A machine with the [Docker Client](/ee/ucp/user-access/cli/) (CE 17.12 /
   EE 1803 or newer) installed, as this contains the relevant `$ docker trust`
   commands. 
@@ -62,7 +62,7 @@ a local UCP, or cluster 1.
 > if the repository is private. See
 > [Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token)
 > or [Docker
-> Swarm](https://docs.docker.com/engine/swarm/services/#create-a-service-using-an-image-on-a-private-registry) examples.
+> Swarm](/engine/swarm/services/#create-a-service-using-an-image-on-a-private-registry) examples.
 
 To add a new registry, retrieve the Certificate
 Authority (CA) used to sign the DTR TLS Certificate through the DTR URL's
@@ -220,9 +220,7 @@ nqsph0n6lv9u        laughing_lamarr         replicated          1/1
 
 If the image is stored in a private repository within DTR, you need to pass credentials to the
 Orchestrator as there is no SSO between cluster 2 and DTR. See the relevant
-[Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token) or [Docker
-   Swarm](https://docs.docker.com/engine/swarm/services/#create-a-service-using-an-image-on-a-private-registry)
-   documentation for more details.
+[Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token) or [Docker Swarm](/engine/swarm/services/#create-a-service-using-an-image-on-a-private-registry) documentation for more details.
 
 ### Example Errors
 

diff --git a/ee/ucp/authorization/reset-user-password.md b/ee/ucp/authorization/reset-user-password.md
@@ -28,8 +28,8 @@ User passwords managed with an LDAP service must be changed on the LDAP server.
 Administrators who need to update their passwords can ask another administrator for help
 or SSH into a Docker Enterprise [manager node](/engine/swarm/how-swarm-mode-works/nodes/#manager-nodes) and run:
 
-```none
 {% raw %}
+```bash
 docker run --net=host -v ucp-auth-api-certs:/tls -it "$(docker inspect --format '{{ .Spec.TaskTemplate.ContainerSpec.Image }}' ucp-auth-api)" "$(docker inspect --format '{{ index .Spec.TaskTemplate.ContainerSpec.Args 0 }}' ucp-auth-api)" passwd -i
 {% endraw %}
 ```

diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md
@@ -43,11 +43,6 @@ upgrade your installation to the latest release.
 
 ### Known Issues
 * There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade)
-* You must use the ID of the user, organization, or team if you manually create a **ClusterRoleBinding** or **RoleBinding** for `User` or `Group` subjects. (#14935)
-    * For the `User` subject Kind, the `Name` field contains the ID of the user.
-    * For the `Group` subject Kind, the format depends on whether you are create a Binding for a team or an organization:
-        * For an organization, the format is `org:{org-id}`
-        * For a team, the format is `team:{org-id}:{team-id}`
 * To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the  **ClusterRole**. Restricted Parameters on Containers include:
     * Host Bind Mounts
     * Privileged Mode
@@ -96,11 +91,6 @@ upgrade your installation to the latest release.
 * Newly added Windows node reports "Awaiting healthy status in classic node inventory". [Learn more](https://success.docker.com/article/newly-added-windows-node-reports-awaiting-healthy-status-in-classic-node-inventory).
 * There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade)
 * In the UCP web interface, LDAP settings disappear after submitting them. However, the settings are properly saved. (docker/orca#15503)
-* You must use the ID of the user, organization, or team if you manually create a **ClusterRoleBinding** or **RoleBinding** for `User` or `Group` subjects. (docker/orca#14935)
-    * For the `User` subject Kind, the `Name` field contains the ID of the user.
-    * For the `Group` subject Kind, the format depends on whether you are create a Binding for a team or an organization:
-        * For an organization, the format is `org:{org-id}`
-        * For a team, the format is `team:{org-id}:{team-id}`
 * To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the  **ClusterRole**. Restricted Parameters on Containers include:
     * Host Bind Mounts
     * Privileged Mode

diff --git a/engine/examples/running_ssh_service.md b/engine/examples/running_ssh_service.md
@@ -14,11 +14,10 @@ Using a static password for root access is dangerous. Create a random password b
 
 The following `Dockerfile` sets up an SSHd service in a container that you
 can use to connect to and inspect other container's volumes, or to get
-quick access to a test container. 
+quick access to a test container. Make the following substitutions:
 
-__Note: Replace "THEPASSWORDYOUCREATED" with the password that you created in the previous step.__
-
-> ** Note**: Use `without-password` instead of `prohibit-password` for Ubuntu 14.04.
+- With `RUN echo 'root:THEPASSWORDYOUCREATED' | chpasswd`, replace "THEPASSWORDYOUCREATED" with the password you've previously generated.
+- With `RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config`, use `without-password` instead of `prohibit-password` for Ubuntu 14.04.
 
 ```Dockerfile
 FROM ubuntu:16.04

diff --git a/engine/security/trust/trust_delegation.md b/engine/security/trust/trust_delegation.md
@@ -75,7 +75,8 @@ Failed to add signer to: dtr.example.com/user/repo
 ```
 
 If you are using DTR and would like to work with a remote UCP's signing policy, 
-you must [register your DTR instance with that remote UCP](/ee/dtr/user/manage-images/sign-images/trust-with-remote-ucp/#registering-dtr-with-a-remote-universal-control-plane). See [Using Docker Content Trust with a Remote UCP Cluster](/ee/dtr/user/manage-images/sign-images/trust-with-remote-ucp/) for more details. 
+you must [register your DTR instance with that remote UCP](/ee/dtr/user/manage-images/sign-images/trust-with-remote-ucp/#registering-dtr-with-a-remote-universal-control-plane). 
+See [Using Docker Content Trust with a Remote UCP Cluster](/ee/dtr/user/manage-images/sign-images/trust-with-remote-ucp/) for more details. 
 
 ## Configuring the Notary Client
 
@@ -369,7 +370,7 @@ Successfully removed ben from dtr.example.com/admin/demo
 
 #### Troubleshooting
 
-1) If you see an error that there are no useable keys in `targets/releases`, you 
+1) If you see an error that there are no usable keys in `targets/releases`, you 
 will need to add additional delegations using `docker trust signer add` before 
 resigning images.
 

diff --git a/engine/swarm/configs.md b/engine/swarm/configs.md
@@ -122,8 +122,8 @@ Docker configs.
 
 ### Defining and using configs in compose files
 
-Both the `docker compose` and `docker stack` commands support defining configs
-in a compose file. See
+The `docker stack` command supports defining configs in a Compose file.
+However, the `configs` key is not supported for `docker compose`. See
 [the Compose file reference](/compose/compose-file/#configs) for details.
 
 ### Simple example: Get started with configs

diff --git a/reference/ucp/3.1/cli/install.md b/reference/ucp/3.1/cli/install.md
@@ -38,6 +38,8 @@ If you have SELinux policies enabled for your Docker install, you will need to
 use `docker container run --rm -it --security-opt label=disable ...` when running this
 command.
 
+If you are installing on Azure, see [Install UCP on Azure](/ee/ucp/admin/install/install-on-azure/).
+
 ## Options
 
 | Option                   | Description                                                                                                                                                                                                                               |
-Original file line number
+Diff line change
@@ Expand Up / @@ -89,4 +89,4 @@ pipeline { @@
           }
         }
       }
-    }
+    }