[Feature Request] Add Swarm Management Options

[ibnesayeed]

Description

Currently when the main Swarm menu option is selected, cluster status is reported and nodes in the cluster are listed. In that same interface some additional options can be added to show and update swarm configurations. A few of those options could be something like below:

• Display and rotate the root CA
• Show and rotate worker/manager join tokens
• Update the swarm
  • Change manager autolocking setting
  • Validity period for node certificates
  • Dispatcher heartbeat period
  • Specifications of one or more certificate signing endpoints
  • Number of additional Raft snapshots to retain
  • Number of log entries between Raft snapshots
  • Task history retention limit

[deviantony]

This was already mentioned in #415

I'll close #415 and keep this one open though as this issue has a better description.

[ns-cweber]

Apologies if this is the wrong place to ask this, but it seems related. How can I manage other nodes in my swarm through Portainer? Do I need to set up other endpoints? If so, the documentation for doing that seems sparse (https://portainer.readthedocs.io/en/stable/external_endpoints.html only tells me about the portainer config, but from what I'm reading, I presumably need to configure each node to listen over TCP?). I'm happy to file a new ticket or ask elsewhere.

[deviantony]

Hi @ns-cweber

Depending on what you want to achieve, you can execute actions against some nodes in the Swarm view when Portainer is connected to a Swarm manager (Swarm > click on the name of a node).

If you want to manage the resources inside a node, you'll need to define the node as a new endpoint inside Portainer (and thus requires you to configure these nodes to listen over TCP yes).

Might be related to #461 as well, we're working on a solution to give you the ability to manage all your cluster resources (containers, volumes, etc) from the same endpoint.

[orubel]

I second this. Definitely need to see tokens associated with the swarm. I can pull up token via a command of:

docker swarm join-token [OPTIONS] (worker|manager)

So this should be something easy to display with the nodes (or at least with the manager node) so we can see the associated token.

[ncresswell]

As long as the docker swarm api exposes this information, then we can add it (https://godoc.org/github.com/docker/swarmkit/api) Rgds, Neil Cresswell On 12/06/2018, at 11:02 AM, Owen Rubel <notifications@github.com<mailto:notifications@github.com>> wrote: I second this. Definitely need to see tokens associated with the swarm. I can pull up token via a command of: docker swarm join-token [OPTIONS] (worker|manager) So this should be something easy to display with the nodes (or at least with the manager node) so we can see the associated token. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_portainer_portainer_issues_1612-23issuecomment-2D396680670&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=hd16PNupfWGLPk-AJLEKZIOwNmBZDvu4c8sp3bksDMg&s=J3jwg9GQ8XwxzuIhzxlNSadXekLr7W3gLDS-wVRr7KY&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AWGrlT2CiDLw-5Fo02-5FpyhEWMMRMTGy2tHks5t8AIpgaJpZM4RzGex&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=hd16PNupfWGLPk-AJLEKZIOwNmBZDvu4c8sp3bksDMg&s=ePaeHgAU-IOuEEOLcdjzrK_opNm1euca35HDQjKGbUo&e=>.

[orubel]

JoinTokens look to be there.

[olljanat]

Bit off-topic but it is interesting to see how different things people want to do with Portainer.

There is people like me who thinks that Portainer cannot currently be used on production (or can be used by only very limited group of people) as there is too much stuff visible and no way to limit these rights.

And then other side there is people who wants be able see even more sensitive data on there. Of course it is possible to get both but it will challenging...

[orubel]

Well you can set limit to the web UI through a variety of ways internally. I would say it's not your responsibility to secure the UI but the administrators pf the web server.

[olljanat]

@orubel #2065 actually already limited access to JoinTokens to admins only on API level so now these can be shown on UI.

What comes to other limitations (detailed RBAC) I have understood that there is plan to implement them.