Merge branch 'master' into vchui
stuclem authored Dec 14, 2017
2 parents 66dc0a2 + 4b106a2 commit 70f3d5e
Showing 115 changed files with 363 additions and 7,582 deletions.
4 changes: 1 addition & 3 deletions docs/user_doc/SUMMARY.md
Expand Up @@ -9,6 +9,7 @@
* [Introduction](README.md)
* [Quick Start Links](vic_quickstart.md)
* [Overview](vic_overview/introduction.md)
* [Roles and Personas](vic_overview/roles_and_personas.md)

----

Expand Down Expand Up @@ -74,11 +75,8 @@
* [Command Line Certificate Login](vic_vsphere_admin/cmdline_login.md)
* [VCH Admin Status Reference](vic_vsphere_admin/vicadmin_status_ref.md)
* [Upgrading](vic_vsphere_admin/upgrading_vic.md)
* [Data Migration](vic_vsphere_admin/upgrade_data.md)
* [Pre-Upgrade Tasks](vic_vsphere_admin/pre_upgrade_tasks.md)
* [Upgrade the Appliance](vic_vsphere_admin/upgrade_appliance.md)
* [Post-Upgrade Tasks](vic_vsphere_admin/post_upgrade_tasks.md)
* [Troubleshoot Appliance Upgrade](vic_vsphere_admin/troubleshoot_appliance_upgrade.md)
* [Upgrade VCHs](vic_vsphere_admin/upgrade_vch.md)
* [VCH Upgrade Options](vic_vsphere_admin/upgrade_vch_options.md)
* [Upgrade Plug-In on Windows](vic_vsphere_admin/upgrade_h5_plugin_windows.md)
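Review bot: The Upgrading section of this table of contents no longer lists upgrade_data.md, post_upgrade_tasks.md and troubleshoot_appliance_upgrade.md, but nothing in this hunk shows whether the pages themselves are deleted. Confirm that the three files are removed in the same merge and that the remaining upgrade pages (upgrading_vic.md, pre_upgrade_tasks.md, upgrade_appliance.md) carry no links to them, otherwise readers land on orphaned or missing pages.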
8 changes: 4 additions & 4 deletions docs/user_doc/pdf.md
@@ -1,6 +1,6 @@
# Download PDF Documentation #

- <a href="./pdf/vic_12_overview.pdf" target="_blank">Overview of vSphere Integrated Containers</a>
- <a href="./pdf/vic_12_vsphere_admin.pdf" target="_blank">Install, Deploy, and Maintain the vSphere Integrated Containers Infrastructure</a>
- <a href="./pdf/vic_12_cloud_admin.pdf" target="_blank">Configure and Manage vSphere Integrated Containers</a>
- <a href="./pdf/vic_12_app_dev.pdf" target="_blank">Develop Container Applications with vSphere Integrated Containers</a>
- <a href="./pdf/vic_13_overview.pdf" target="_blank">Overview of vSphere Integrated Containers</a>
- <a href="./pdf/vic_13_vsphere_admin.pdf" target="_blank">Install, Deploy, and Maintain the vSphere Integrated Containers Infrastructure</a>
- <a href="./pdf/vic_13_cloud_admin.pdf" target="_blank">Configure and Manage vSphere Integrated Containers</a>
- <a href="./pdf/vic_13_app_dev.pdf" target="_blank">Develop Container Applications with vSphere Integrated Containers</a>
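Review bot: The release number is hard-coded in all four PDF file names (vic_12_* becoming vic_13_*), so these links break unless the vic_13_*.pdf files are added under ./pdf/ in the same merge. Check that the four files are present, and consider a version-neutral file name so that this page does not need editing at each release.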
4 changes: 2 additions & 2 deletions docs/user_doc/vic_app_dev/container_operations.md
Expand Up @@ -54,7 +54,7 @@
|`ps`|[Show running containers](https://docs.docker.com/engine/reference/commandline/ps/)|Yes, since 1.0. Supports the `-a/--all`, `-f/--filter`, `--no-trunc`, and `-q/--quiet` options. Filtering by network name is supported, but filtering by network ID is not supported.|
|`rename`|[Rename a container](https://docs.docker.com/engine/reference/commandline/rename/)|Yes, since 1.1. Name resolution for renamed running containers is not supported, but if you restart the container the new name is resolved.|
|`restart`|[Restart a container](https://docs.docker.com/engine/reference/commandline/restart/)|Yes, since 1.0|
|`rm`|[Remove a container](https://docs.docker.com/engine/reference/commandline/rm/)|Yes, since 1.0. Removes associated anonymous and regular volumes. Supports the `--force` option and the `name` parameter. Does not support `docker rm -v`. To view volumes attached to a container that is removed, use `docker volume ls` and `docker volume inspect <id>`. If you continually invoke `docker create` to make more anonymous volumes, those volumes are left behind after each subsequent removal of that container.|
|`rm`|[Remove a container](https://docs.docker.com/engine/reference/commandline/rm/)|Yes, since 1.0. Supports the `--force` option and the `name` parameter. To view volumes attached to a container that is removed, use `docker volume ls` and `docker volume inspect <id>`. If you continually invoke `docker create` to make more anonymous volumes, those volumes are left behind after each subsequent removal of that container. <br>Since 1.3 `docker rm -v` is also supported. Running the command removes the container and any anonymous volumes joined to that container. If an anonymous volume is in use by another container, it is not removed. Named volumes (specified by name in the create/run command) are not deleted.|
|`run`|[Run a command in a new container](https://docs.docker.com/engine/reference/commandline/run/)| <a id="docker_run"></a>Yes, since 1.0. Supports mapping a random host port to the container when the host port is not specified. <br>Supports running images from private and custom registries.<br>`docker run --net=host` is not supported. You can specify a container network by using the [`--container-network`](../vic_vsphere_admin/container_networks.md) option when you deploy a virtual container host. Supports the `--attach`, `--cidfile`, `--cpuset-cpus`, `--detach`, `--detach-keys`, `--entrypoint`, `--env`, `--env-file`, `--help`, `--interactive`, `--ip`, `--link`, `--memory`, `--name`, `--net`, `--net-alias`, `--publish`, `--rm`, `--stop-signal`, `--stop-timeout`, `--tty`, `--user`, `--volume`, and `--workdir` options.|
|`start`|[Start a container](https://docs.docker.com/engine/reference/commandline/start/)|Yes, since 1.0. Supports the `--attach` and `--interactive` options.|
|`stats`|[Get container stats based on resource usage](https://docs.docker.com/engine/reference/commandline/stats/)|Yes. Provides statistics about CPU and memory usage since 1.1. Provides statistics about network or disk usage since 1.2.|
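Review bot: In the updated `rm` row, the sentence "If you continually invoke `docker create` to make more anonymous volumes, those volumes are left behind after each subsequent removal of that container" is kept next to the new statement that `docker rm -v` removes anonymous volumes, and the row does not say which behaviour applies when. State explicitly that volumes are left behind only when `-v` is omitted, and place the `docker volume ls` / `docker volume inspect <id>` hint after that sentence as the way to find leftovers. Data in an anonymous volume that outlives its container is easy to overlook, so the distinction is worth making unambiguous.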
Expand Down Expand Up @@ -135,4 +135,4 @@ For information about Docker Compose file support, see [Supported Docker Compose

## Swarm Commands <a id="swarm"></a>

This version of vSphere Integrated Containers Engine does not directly support Docker Swarm. However, you can use the [`dch-photon` Docker Engine](build_push_images.md) to instantiate a Docker swarm for use with vSphere Integrated Containers.
This version of vSphere Integrated Containers Engine does not directly support Docker Swarm. However, you can use the [`dch-photon` Docker Engine](build_push_images.md) to instantiate a Docker swarm for use with vSphere Integrated Containers.
9 changes: 7 additions & 2 deletions docs/user_doc/vic_app_dev/using_volumes_with_vic.md
Expand Up @@ -12,7 +12,8 @@ vSphere Integrated Containers supports the use of container volumes. You can cre
- [Mount Existing vSphere-Backed Volumes on Containers](#mount)
- [Sharing NFS-Backed Volumes Between Containers](#mount_nfs)
- [Obtain Information About a Volume](#inspect_vol)
- [Delete a Named Volume from a Volume Store](#delete_vol)
- [Delete a Named Volume from a Volume Store](#delete_vol)
- [Delete a Container and the Anonymous Volumes Attached to It](#delete_anon_vol)

For simplicity, the examples in this topic assume that the VCHs implement TLS authentication with self-signed server certificates, with no client verification.

Expand Down Expand Up @@ -172,4 +173,8 @@ To delete a volume, run `docker volume rm` and specify the name of the volume to
<pre>docker -H <i>virtual_container_host_address</i>:2376 --tls
volume rm <i>volume_name</i></pre>

**NOTE**: vSphere Integrated Containers does not support running `docker rm -v` to remove volumes that are associated with a container.
## Delete a Container and the Anonymous Volumes Attached to It <a id="delete_anon_vol"></a>

To remove a container and anonymous volumes joined to that container, run `docker rm -v`. If an anonymous volume is in use by another container, it is not removed.

<pre>$ docker rm -v container1</pre>
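Review bot: The new example `$ docker rm -v container1` does not follow the form of the other commands in this topic, which are written as `docker -H virtual_container_host_address:2376 --tls ...` with italic placeholders and no shell prompt (see the `volume rm` example just above it). Rewrite it in the same form with a `container_name` placeholder, so that it is clear the command targets the VCH and not a local Docker daemon. The section should also say that named volumes are not deleted by `-v`, as the `rm` row in container_operations.md does.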
5 changes: 3 additions & 2 deletions docs/user_doc/vic_overview/SUMMARY.md
Expand Up @@ -3,5 +3,6 @@
<!-- USE THIS SUMMARY FILE FOR PDF GENERATION ONLY -->

* [Introduction](README.md)
* [Quick Start Links](vic_quickstart.md)
* [Overview](introduction.md)
* [Overview of vSphere Integrated Containers](introduction.md)
* [Roles and Personas](roles_and_personas.md)

Binary file modified docs/user_doc/vic_overview/graphics/conceptual-overview.png
47 changes: 1 addition & 46 deletions docs/user_doc/vic_overview/introduction.md
Expand Up @@ -82,8 +82,6 @@ These components currently support the Docker image format. vSphere Integrated C

vSphere Integrated Containers is designed to solve many of the challenges associated with putting containerized applications into production. It directly uses the clustering, dynamic scheduling, and virtualized infrastructure in vSphere and bypasses the need to maintain discrete Linux VMs as container hosts.

![vSphere Integrated Containers Conceptual Overview](graphics/conceptual-overview.png)

vSphere Integrated Containers allows the vSphere administrator to provide a container management endpoint to a user as a service. At the same time, the vSphere administrator remains in complete control over the infrastructure that the container management endpoint service depends on. The main differences between vSphere Integrated Containers and a classic container environment are the following:

- vSphere, not Linux, is the container host:
Expand Down Expand Up @@ -136,7 +134,7 @@ To summarize, vSphere Integrated Containers gives vSphere administrators a mecha

## What is vSphere Integrated Containers Engine? <a id="whats_vic_for"></a>

vSphere Integrated Containers Engine currently offers a subset of the Docker API. It is designed to specifically address the provisioning of containers into production, solving many of the problems highlighted in [What Does vSphere Integrated Containers Engine Do?](#what_vic_does).
vSphere Integrated Containers Engine currently offers a subset of the Docker API. It is designed to specifically address the provisioning of containers into production, solving many of the problems highlighted in [What Does vSphere Integrated Containers Do?](#what_vic_does).

vSphere Integrated Containers Engine exploits the portability of the Docker image format to present itself as an enterprise deployment target. Developers build containers on one system and push them to a registry. Containers are tested by another system and are approved for production. vSphere Integrated Containers Engine can then pull the containers out of the registry and deploy them to vSphere.

Expand Down Expand Up @@ -242,49 +240,6 @@ You can pull users from the Platform Services Controller and assign them roles t

You can deploy multiple vSphere Integrated Containers appliances to the same vCenter Server instance. Also, if a Platform Services Controller manages multiple vCenter Server instances, you can deploy multiple appliances to different vCenter Server instances that share that Platform Services Controller. In either of these setups, the appliances all register with the same Platform Services Controller, and can pull users from that Platform Services Controller. These setups allow the same user to have different roles in different vSphere Integrated Containers instances.


#### Users and Roles <a id="usersandroles"></a>

vSphere Integrated Containers features four roles for user access. The viewer role has the lowest level of access with the global administrator having the highest. Permissions per role are described below, as every next role inherits the permissions of the previous role and has additional ones.

**Viewer**

Role assigned per project.
- If assigned, role only has view access to the repositories for a project.

**Developer**

Role assigned per project. In addition to the view access, a developer can also:
- Provision containers
- Push images
- Create and import templates

**DevOps Administrator**

Role assigned per project. For their assigned projects DevOps administrators can perform additional actions:
- Add developers and viewers and assign other DevOps administrators
- Change the project configurations, such as making the project registry public, changing deployment security settings, and enabling vulnerability scanning

**Cloud administrator / Global Administrator for all projects**

The cloud administrator role is assigned to the Administrators group for vCenter Server during the installation of vSphere Integrated Containers. Through the management portal, you can revoke that role for the Administrators group, only after you assign the role to another group. Cloud administrators can also assign the role to individual users.

The following global permissions are unique to the cloud administrator role:
- Add new cloud administrators
- Create new projects and assign the first DevOps administrator to them
- Add hosts and clusters as resources to a given project
- Add and manage registries, replication endpoints, and replication rules
- Add predefined credentials and certificates for authentication
- Set global configurations for registries handling
- View system logs

##### Example Users #####

You can create example Cloud administrator, DevOps administrator, and a Developer users during the deployment of vSphere Integrated Containers appliance. These users are created as local users in the Platform Services Controller. By default, when you use the option to create example users, you end up with the following users:
- vic-cloud-admin@*local_domain*
- vic-devops-admin@*local_domain*
- vic-developer@*local_domain*

## What Is vSphere Integrated Containers Registry? <a id="whats_registry"></a>

vSphere Integrated Containers Registry is an enterprise-class registry server that you can use to store and distribute container images. vSphere Integrated Containers Registry allows DevOps administrators to organize image repositories in projects, and to set up role-based access control to those projects to define which users can access which repositories. vSphere Integrated Containers Registry also provides rule-based replication of images between registries, implements Docker Content Trust and vulnerability scanning, and provides detailed logging for project and user auditing.
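Review bot: The removed "Users and Roles" section carried the anchor `usersandroles`, which after this change exists only in roles_and_personas.md, so any link of the form `introduction.md#usersandroles` or an in-page `#usersandroles` reference stops resolving. Search the docs for that anchor and repoint the links to roles_and_personas.md. The paragraphs that remain above still talk about pulling users from the Platform Services Controller and assigning them roles, so a pointer from there to the new page would keep the role definitions reachable.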
54 changes: 54 additions & 0 deletions docs/user_doc/vic_overview/roles_and_personas.md
@@ -0,0 +1,54 @@
# Roles and Personas <a id="usersandroles"></a>

vSphere Integrated Containers requires a vSphere administrator role for deployment and provides four additional roles for user access. The viewer role has the lowest level of access with the global cloud administrator having the highest.

![vSphere Integrated Containers Conceptual Overview](graphics/conceptual-overview.png)

Permissions per role are described below in reversed order, as every next role listed inherits the permissions of the previous role and has additional ones.

**V. Viewer**

Role assigned per project.
- If assigned, role only has view access to the repositories for a project.

**IV. Developer**

Role assigned per project. In addition to the view access, for their assigned projects developers can also:
- Provision containers
- Push images into registries
- Create and import templates

**III. DevOps Administrator**

Role assigned per project. For their assigned projects DevOps administrators can perform additional actions:
- Add developers and viewers and assign other DevOps administrators
- Change the project configurations, such as making the project registry public, changing deployment security settings, and enabling vulnerability scanning

**II. Cloud administrator / Global Administrator for all projects**

The cloud administrator role is assigned to the Administrators group for vCenter Server during the installation of vSphere Integrated Containers. Through the management portal, you can revoke that role for the Administrators group, only after you assign the role to another group. Cloud administrators can also assign the role to individual users.

The following global permissions are unique to the cloud administrator role:
- Add new cloud administrators
- Create new projects and assign the first DevOps administrator to them
- Add hosts as resources to a given project
- Add and manage registries, replication endpoints, and replication rules
- Add predefined credentials and certificates for authentication
- Set global configurations for registries
- View system logs

**I. vSphere administrator**

vSphere administrators prepare, install, and set up vSphere Integrated Containers. The typical workflow includes the following actions:
- Deploy the vSphere Integrated Containers appliance
- Deploy Virtual Container Hosts
- Provide the information for the deployed assets to vSphere Integrated Containers users
- Assign Cloud administrators
- Perform update and upgrade procedures for vSphere Integrated Containers

## Example Users #####

You can create example Cloud administrator, DevOps administrator, and a Developer users during the deployment of vSphere Integrated Containers appliance. These users are created as local users in the Platform Services Controller. By default, when you use the option to create example users, you end up with the following users:
- vic-cloud-admin@*local_domain*
- vic-devops-admin@*local_domain*
- vic-developer@*local_domain*
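Review bot: The sentence "Permissions per role are described below in reversed order, as every next role listed inherits the permissions of the previous role" reads, with the new **I. vSphere administrator** entry last in the list, as if the vSphere administrator inherits every cloud administrator permission, while the opening paragraph treats it as a separate role required for deployment. Say explicitly whether the vSphere administrator has access in the management portal and registry or only assigns cloud administrators, since readers will use this page to decide who gets which role. Two smaller points: the heading `## Example Users #####` keeps the trailing hashes of the old level-5 heading, and the opening paragraph says "global cloud administrator" where the list says "Cloud administrator / Global Administrator for all projects".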
5 changes: 1 addition & 4 deletions docs/user_doc/vic_vsphere_admin/SUMMARY.md
Expand Up @@ -62,12 +62,9 @@
* [Browser-Based Certificate Login](browser_login.md)
* [Command Line Certificate Login](cmdline_login.md)
* [VCH Admin Status Reference](vicadmin_status_ref.md)
* [Upgrading](upgrading_vic.md)
* [Data Migration](upgrade_data.md)
* [Upgrading](upgrading_vic.md)
* [Pre-Upgrade Tasks](pre_upgrade_tasks.md)
* [Upgrade the Appliance](upgrade_appliance.md)
* [Post-Upgrade Tasks](post_upgrade_tasks.md)
* [Troubleshoot Appliance Upgrade](troubleshoot_appliance_upgrade.md)
* [Upgrade VCHs](upgrade_vch.md)
* [VCH Upgrade Options](upgrade_vch_options.md)
* [Upgrade Plug-In on Windows](upgrade_h5_plugin_windows.md)
13 changes: 8 additions & 5 deletions docs/user_doc/vic_vsphere_admin/deploy_vic_appliance.md
@@ -1,6 +1,13 @@
# Deploy the vSphere Integrated Containers Appliance #

You install vSphere Integrated Containers by deploying a virtual appliance. The appliance runs the vSphere Integrated Containers Registry and vSphere Integrated Containers Management Portal services, and publishes the downloads of the vSphere Integrated Containers Engine binaries.
You install vSphere Integrated Containers by deploying a virtual appliance.

The following services run in the vSphere Integrated Containers appliance:

- vSphere Integrated Containers Registry service
- vSphere Integrated Containers Management Portal service
- The file server for vSphere Integrated Containers Engine downloads and installation of the vSphere Client plug-ins
- The `vic-machine` server service, that powers the Create Virtual Container Host wizard in the HTML5 vSphere Client plug-in

You can deploy multiple vSphere Integrated Containers appliances to the same vCenter Server instance. Also, if a Platform Services Controller manages multiple vCenter Server instances, you can deploy multiple appliances to different vCenter Server instances that share that Platform Services Controller.
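Review bot: The bullet for the `vic-machine` server service names a fourth service running in the appliance, but nothing visible in this change says which port it listens on or which certificate it presents, whereas the file server has **Fileserver Port**, **SSL Cert** and **SSL Cert Key** settings in the deployment steps. Add that information or a link to it, so that administrators know what the appliance exposes on the network. Minor: "service, that powers" should read "service, which powers".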

Expand Down Expand Up @@ -53,10 +60,6 @@ You can deploy multiple vSphere Integrated Containers appliances to the same vCe
- In the **Fileserver Port** text box, optionally change the port on which the vSphere Integrated Containers file server runs.
- To use custom certificates to authenticate connections to the vSphere Integrated Containers file server, optionally paste the content of the appropriate certificate and key files in the **SSL Cert** and **SSL Cert Key** text boxes. The file server supports RSA format for TLS private keys.
- Leave the text boxes blank to use auto-generated certificates.

7. Expand **Demo VCH Installer Wizard Configuration** to optionally change the port on which the interactive web installer for virtual container hosts (VCHs) runs.

**NOTE**: The demo VCH installer wizard is deprecated in this release.
8. Expand **Configure Example Users** to configure the ready-made example user accounts that vSphere Integrated Containers creates by default in the Platform Services Controller.

You can use these accounts to test the different user personas that can access vSphere Integrated Containers Management Portal and Registry.
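Review bot: With step 7 (Demo VCH Installer Wizard Configuration) removed, the list goes from the file server settings straight to "8. Expand **Configure Example Users**", so the source numbering skips a step. Renumber step 8 and the steps that follow it, and keep a blank line before the step so that it is not parsed as a continuation of the preceding sub-bullets.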