From a6bfd565b3a2b76b7f412f75a3fc1b74f38f5b79 Mon Sep 17 00:00:00 2001 From: Jacob Gadikian Date: Tue, 2 Aug 2016 00:56:36 +0700 Subject: [PATCH 1/7] Update installing.md --- site/installing.md | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/site/installing.md b/site/installing.md index 8d8236259..b97b37b71 100644 --- a/site/installing.md +++ b/site/installing.md @@ -4,7 +4,7 @@ menu_order: 20 --- -Weave Scope consists of three parts: the probe, the app and the user interface. Scope can be deployed in either a standalone configuration, where you run everything yourself, or by using Weave Cloud. +Weave Scope consists of three parts: the probe, the app and the user interface. Scope can be deployed in either a standalone configuration, where you run everything yourself, or by using Weave Cloud. Weave Cloud is the recommended option if: @@ -16,6 +16,7 @@ The following topics are discussed: * [Installing Scope on Docker](#docker) * [Using Weave Cloud](#docker-weave-cloud) + * [On A Local Cluster](#local-cluster) * [Weave Net and Scope](#net-scope) * [Using Docker Compose](#docker-compose) * [Using Docker Compose in Weave Cloud](#docker-compose-cloud) @@ -27,7 +28,7 @@ The following topics are discussed: ##Installing Scope on Docker -To install Scope onto your local Docker machine in standalone mode, run the following commands: +To install Scope onto your PC with docker installed in standalone mode, run the following commands: sudo curl -L git.io/scope -o /usr/local/bin/scope sudo chmod a+x /usr/local/bin/scope @@ -43,7 +44,8 @@ Where, * `` is the name you gave to your virtual machine with docker-machine. -> **Note:** Scope allows anyone with access to the UI control over your containers: as such, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally traffic between the app and the probe is currently insecure and should also not traverse the Internet. +### Scope allows anyone with access to the UI control over your containers, and the hosts running them! +Therefore, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally, traffic between the app and the probe is currently insecure and should also not traverse the Internet, meaning that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through weave net. To put scope behind a very simple password, you can use [Caddy](https://github.com/mholt/caddy) to protect the endpoint by making the port 4040 available to localhost and using caddy to proxy it.... or, just use weave cloud. ###Using Weave Cloud @@ -63,6 +65,29 @@ This script downloads and runs a recent Scope docker image from the Docker Hub. After Scope has been launched, open your web browser to [https://cloud.weave.works](https://cloud.weave.works) and login. Click 'View Instance' in the top right-hand corner to see the Scope user interface. +### Local-Cluster without WeaveNet / WeaveDNS +These are the directions for "Any Random Cluster," with no dependency on Weave Net. Suppose I have a cluster like this: + +192.168.100.16 +192.168.100.17 +192.168.100.18 +192.168.100.19 +192.168.100.20 + +We'll assume that no special hostnames or DNS settings have been fiddled with, so we're going to use IP addresses only to configure scope on this cluster: + +**On Each Node, first run:** + sudo curl -L git.io/scope -o /usr/local/bin/scope + sudo chmod a+x /usr/local/bin/scope +**Then Run on the first node** + scope launch 192.168.100.18 192.168.100.19 192.168.100.20 +**Second node** + scope launch 192.168.100.17 192.168.100.20 192.168.100.21 + scope launch 192.168.100.17 192.168.100.18 192.168.100.21 + scope launch 192.168.100.17 192.198.100.19 192.168.100.20 + +Key point here being that you need to make each node aware of the others. + ### Weave Net and Scope If Scope is running on the same machine as the Weave Network, then the probe uses weaveDNS to automatically discover any other apps on the network. Scope does this by registering itself under the address `scope.weave.local`. From 7f31665c0cb8ea23f51616e111ff920969edf0bb Mon Sep 17 00:00:00 2001 From: Jacob Gadikian Date: Tue, 2 Aug 2016 17:35:20 +0700 Subject: [PATCH 2/7] Update installing.md --- site/installing.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/site/installing.md b/site/installing.md index b97b37b71..51aa53e23 100644 --- a/site/installing.md +++ b/site/installing.md @@ -44,7 +44,7 @@ Where, * `` is the name you gave to your virtual machine with docker-machine. -### Scope allows anyone with access to the UI control over your containers, and the hosts running them! +**NB: Scope allows anyone with access to the UI control over your containers, and the hosts running them! ** Therefore, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally, traffic between the app and the probe is currently insecure and should also not traverse the Internet, meaning that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through weave net. To put scope behind a very simple password, you can use [Caddy](https://github.com/mholt/caddy) to protect the endpoint by making the port 4040 available to localhost and using caddy to proxy it.... or, just use weave cloud. ###Using Weave Cloud @@ -77,16 +77,27 @@ These are the directions for "Any Random Cluster," with no dependency on Weave N We'll assume that no special hostnames or DNS settings have been fiddled with, so we're going to use IP addresses only to configure scope on this cluster: **On Each Node, first run:** +``` sudo curl -L git.io/scope -o /usr/local/bin/scope sudo chmod a+x /usr/local/bin/scope +``` **Then Run on the first node** +``` scope launch 192.168.100.18 192.168.100.19 192.168.100.20 +``` **Second node** +``` scope launch 192.168.100.17 192.168.100.20 192.168.100.21 +``` +**Third Node** +``` scope launch 192.168.100.17 192.168.100.18 192.168.100.21 +``` +**Fourth Node** +``` scope launch 192.168.100.17 192.198.100.19 192.168.100.20 - -Key point here being that you need to make each node aware of the others. +``` +Key point here being that you need to make each node aware of the others. You can also configure a single "target" nodee that you point all the others at, and once again, the key is that they know each other exist. ### Weave Net and Scope From e59b3b68598897bd790b3502a076f4288659a81f Mon Sep 17 00:00:00 2001 From: Jacob Gadikian Date: Tue, 2 Aug 2016 17:36:02 +0700 Subject: [PATCH 3/7] Update installing.md --- site/installing.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/site/installing.md b/site/installing.md index 51aa53e23..b184b6bba 100644 --- a/site/installing.md +++ b/site/installing.md @@ -44,7 +44,8 @@ Where, * `` is the name you gave to your virtual machine with docker-machine. -**NB: Scope allows anyone with access to the UI control over your containers, and the hosts running them! ** +#### NB: Scope allows anyone with access to the UI control over your containers, and the hosts running them! + Therefore, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally, traffic between the app and the probe is currently insecure and should also not traverse the Internet, meaning that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through weave net. To put scope behind a very simple password, you can use [Caddy](https://github.com/mholt/caddy) to protect the endpoint by making the port 4040 available to localhost and using caddy to proxy it.... or, just use weave cloud. ###Using Weave Cloud From 7b2fda375be215f62115939e941a430a1962781d Mon Sep 17 00:00:00 2001 From: abuehrle Date: Wed, 31 Aug 2016 18:19:09 -0500 Subject: [PATCH 4/7] open PR removed PC --- site/installing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/installing.md b/site/installing.md index b184b6bba..62a87991e 100644 --- a/site/installing.md +++ b/site/installing.md @@ -28,7 +28,7 @@ The following topics are discussed: ##Installing Scope on Docker -To install Scope onto your PC with docker installed in standalone mode, run the following commands: +To install Scope onto your machine with Docker installed in stand-alone mode, run the following commands: sudo curl -L git.io/scope -o /usr/local/bin/scope sudo chmod a+x /usr/local/bin/scope From 5a2a46ba661dfde8e3f41721249b11bb6b5d328b Mon Sep 17 00:00:00 2001 From: abuehrle Date: Thu, 1 Sep 2016 08:54:11 -0500 Subject: [PATCH 5/7] added vanilla cluster instructions --- site/installing.md | 63 +++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/site/installing.md b/site/installing.md index 62a87991e..56643efbc 100644 --- a/site/installing.md +++ b/site/installing.md @@ -10,13 +10,13 @@ Weave Cloud is the recommended option if: * You are deploying to larger clusters. * You require secure remote access. - * You wish to share access with your coworkers. + * You want to share access with your coworkers. The following topics are discussed: * [Installing Scope on Docker](#docker) * [Using Weave Cloud](#docker-weave-cloud) - * [On A Local Cluster](#local-cluster) + * [Installing Scope on a Local Cluster Without Weave Net](#cluster-no-net) * [Weave Net and Scope](#net-scope) * [Using Docker Compose](#docker-compose) * [Using Docker Compose in Weave Cloud](#docker-compose-cloud) @@ -44,9 +44,7 @@ Where, * `` is the name you gave to your virtual machine with docker-machine. -#### NB: Scope allows anyone with access to the UI control over your containers, and the hosts running them! - -Therefore, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally, traffic between the app and the probe is currently insecure and should also not traverse the Internet, meaning that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through weave net. To put scope behind a very simple password, you can use [Caddy](https://github.com/mholt/caddy) to protect the endpoint by making the port 4040 available to localhost and using caddy to proxy it.... or, just use weave cloud. +>>**Note:** Scope allows anyone with access to the UI control over your containers: as such, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally traffic between the app and the probe is currently insecure and should also not traverse the Internet. This means that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through Weave Net. Put Scope behind a password, by using somthing like [Caddy](https://github.com/mholt/caddy) to protect the endpoint and making port 4040 available to localhost with Caddy proxying it. Or you can use Weave Cloud to manage your security for you. ###Using Weave Cloud @@ -66,39 +64,36 @@ This script downloads and runs a recent Scope docker image from the Docker Hub. After Scope has been launched, open your web browser to [https://cloud.weave.works](https://cloud.weave.works) and login. Click 'View Instance' in the top right-hand corner to see the Scope user interface. -### Local-Cluster without WeaveNet / WeaveDNS -These are the directions for "Any Random Cluster," with no dependency on Weave Net. Suppose I have a cluster like this: + +###Installing Scope on a Local Cluster Without Weave Net + +This example assumes that you have a local cluster that is not using Weave Net, and which also has no special hostnames or DNS settings. Only the IP addresses assigned to it will be used to configure Scope. You will launch Scope using the IP addresses of all the nodes in the cluster. + +Suppose you have the following cluster: 192.168.100.16 -192.168.100.17 -192.168.100.18 -192.168.100.19 -192.168.100.20 + 192.168.100.17 + 192.168.100.18 + 192.168.100.19 + 192.168.100.20 + + In the steps that follow, you will manually peer each node with all of the other nodes during Scope launch. + +**1. To begin run the following on each node:** -We'll assume that no special hostnames or DNS settings have been fiddled with, so we're going to use IP addresses only to configure scope on this cluster: + sudo curl -L git.io/scope -o /usr/local/bin/scope + sudo chmod a+x /usr/local/bin/scope + + **2. Then on the first node:** + + scope launch 192.168.100.18 192.168.100.19 192.168.100.20 + + **3. And on the second node:** + + scope launch 192.168.100.17 192.168.100.20 192.168.100.21 + scope launch 192.168.100.17 192.168.100.18 192.168.100.21 + scope launch 192.168.100.17 192.198.100.19 192.168.100.20 -**On Each Node, first run:** -``` - sudo curl -L git.io/scope -o /usr/local/bin/scope - sudo chmod a+x /usr/local/bin/scope -``` -**Then Run on the first node** -``` - scope launch 192.168.100.18 192.168.100.19 192.168.100.20 -``` -**Second node** -``` - scope launch 192.168.100.17 192.168.100.20 192.168.100.21 -``` -**Third Node** -``` - scope launch 192.168.100.17 192.168.100.18 192.168.100.21 -``` -**Fourth Node** -``` - scope launch 192.168.100.17 192.198.100.19 192.168.100.20 -``` -Key point here being that you need to make each node aware of the others. You can also configure a single "target" nodee that you point all the others at, and once again, the key is that they know each other exist. ### Weave Net and Scope From fc7d50a2ef5023c560f171dfe4b656c2c5c577e0 Mon Sep 17 00:00:00 2001 From: abuehrle Date: Thu, 1 Sep 2016 13:31:35 -0500 Subject: [PATCH 6/7] formatting --- site/installing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/installing.md b/site/installing.md index 56643efbc..bb8b3fb83 100644 --- a/site/installing.md +++ b/site/installing.md @@ -71,7 +71,7 @@ This example assumes that you have a local cluster that is not using Weave Net, Suppose you have the following cluster: -192.168.100.16 + 192.168.100.16 192.168.100.17 192.168.100.18 192.168.100.19 From f270c97f9dde57326a2e52464bd0f2d5c68e28f6 Mon Sep 17 00:00:00 2001 From: Anita Buehrle Date: Tue, 27 Sep 2016 18:47:57 -0400 Subject: [PATCH 7/7] changed wording for peering cluster also clarified security note --- site/installing.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/site/installing.md b/site/installing.md index bb8b3fb83..5c5439378 100644 --- a/site/installing.md +++ b/site/installing.md @@ -44,7 +44,7 @@ Where, * `` is the name you gave to your virtual machine with docker-machine. ->>**Note:** Scope allows anyone with access to the UI control over your containers: as such, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Additionally traffic between the app and the probe is currently insecure and should also not traverse the Internet. This means that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through Weave Net. Put Scope behind a password, by using somthing like [Caddy](https://github.com/mholt/caddy) to protect the endpoint and making port 4040 available to localhost with Caddy proxying it. Or you can use Weave Cloud to manage your security for you. +>>**Note:** Scope allows anyone with access to the user interface, control over your containers. As such, the Scope app endpoint (port 4040) should not be made accessible on the Internet. Also traffic between the app and the probe is insecure and should not traverse the Internet. This means that you should either use the private / internal IP addresses of your nodes when setting it up, or route this traffic through Weave Net. Put Scope behind a password, by using somthing like [Caddy](https://github.com/mholt/caddy) to protect the endpoint and make port 4040 available to localhost with Caddy proxying it. Or you can skip these steps, and just use Weave Cloud to manage the security for you. ###Using Weave Cloud @@ -60,9 +60,9 @@ Where, * `--service-token=` is the token you obtained after you signed up for Weave Cloud. -This script downloads and runs a recent Scope docker image from the Docker Hub. Scope needs to be installed onto every machine that you want to monitor. Once launched, Scope doesn’t require any other configuration and it also doesn’t depend on Weave Net. +This script downloads and runs a recent Scope Docker image from the Docker Hub. Scope needs to be installed onto every machine that you want to monitor. Once launched, Scope doesn’t require any other configuration and it does not depend on Weave Net. -After Scope has been launched, open your web browser to [https://cloud.weave.works](https://cloud.weave.works) and login. Click 'View Instance' in the top right-hand corner to see the Scope user interface. +After Scope is launched, open your web browser to [https://cloud.weave.works](https://cloud.weave.works) and login. Click 'View Instance' in the top right-hand corner to see the Scope user interface. ###Installing Scope on a Local Cluster Without Weave Net @@ -84,17 +84,18 @@ Suppose you have the following cluster: sudo curl -L git.io/scope -o /usr/local/bin/scope sudo chmod a+x /usr/local/bin/scope - **2. Then on the first node:** + **2. Then on the first node run:** scope launch 192.168.100.18 192.168.100.19 192.168.100.20 - **3. And on the second node:** + **3. And do the same for all of the other nodes in your cluster:** scope launch 192.168.100.17 192.168.100.20 192.168.100.21 scope launch 192.168.100.17 192.168.100.18 192.168.100.21 scope launch 192.168.100.17 192.198.100.19 192.168.100.20 + ### Weave Net and Scope If Scope is running on the same machine as the Weave Network, then the probe uses weaveDNS to automatically discover any other apps on the network. Scope does this by registering itself under the address `scope.weave.local`.