Commit Graph

5881 Commits

Author SHA1 Message Date
Zhang Wei ed4cf608e2 Add filter for `network ls` to hide predefined net
Add filter support for `network ls` to hide predefined network,
then user can use "docker network rm `docker network ls -f type=custom`"
to delete a bundle of userdefined networks.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:21 +00:00
Harald Albers a36ca600a0 remove `--format` from bash completion for `docker network rm`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:21 +00:00
Ilya Dmitrichenko c8ba44360f Update link for Weave Net plugin docs
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-06-02 00:07:21 +00:00
Harald Albers c227b6ac11 Better function names in bash completion
The new names make it easier to distinguish between helper functions and
functions that actually perform completion by modifying the global COMPOPT
variable.

Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:21 +00:00
Ma Shimiao 499d634f32 Add support for blkio read/write iops device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:21 +00:00
Harald Albers 57a8c59820 Use computed plugin lists in bash completion
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:21 +00:00
Vincent Demeester 1e3c5bbe15 Add --format support to images command
- rename `api/client/ps` to `api/client/formatter`
- add a a image formatter

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:21 +00:00
Boaz Shuster fbb25d42f0 Change the quiet flag behavior in the build command
Right now, the quiet (-q, --quiet) flag ignores the output
generated from within the container.

However, it ought to be quiet in a way that all kind
of diagnostic output should be ignored, unless the build
process fails.

This patch makes the quiet flag behave in the following way:
 1. If the build process succeeds, stdout contains the image ID
    and stderr is empty.
 2. If the build process fails, stdout is empty and stderr
    has the error message and the diagnostic output of that process.

If the quiet flag is not set, then everything goes to stdout
and error messages, if there are any, go to stderr.

Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-06-02 00:07:21 +00:00
Aidan Feldman 4620840d57 Update restart description
add a note around restart policies only working in detached mode

Signed-off-by: Aidan Feldman <aidan.feldman@gmail.com>

Update restart description with Mary's comments.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:21 +00:00
Antonio Murdaca 8008a57ffb docs: userguide: labels-custom-metadsata.md: update syntax for emtpy value labels
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:21 +00:00
Bryan Boreham 1b77149fd4 Explain 'json' function a bit better
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca e5b94ba3ef docs: extend: authorization.md: add a note about confidential stuff in Err
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca d00b518979 authZ: more fixes
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Wen Cheng Ma 752b902123 Fix typo error and update index
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca e79f2fcc21 pkg: authorization: add Err to tweak response status code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Doug Davis 8b3b2571d7 Add a DOCKER_API_VERSION env var
Closes: #11486

Just for @ahmetalpbalkan  :-)

Fixed some comment formatting too while in there.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:20 +00:00
Ray Tsang 5e6c121c37 Updated REX-Ray plugin platform support.
REX-Ray added Google Compute Engine support: https://github.com/emccode/rexray/issues/113

Signed-off-by: Ray Tsang <rayt@google.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca 5ea58b57cb docs: extend: plugins_volume.md: Err default to empty string
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Vivek Goyal b2cbaa03af Add capability to specify mount propagation per volume
Allow passing mount propagation option shared, slave, or private as volume
property.

For example.
docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:20 +00:00
Harald Albers 9339b4abb5 bash completion for `docker daemon --authz-plugin`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:20 +00:00
Steve Durrheimer c54cb6f490 Fix small missing equal sign for 'docker daemon --cluster-store-opt'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:20 +00:00
Steve Durrheimer 1df420553c Add zsh completion for 'docker daemon --authz-plugin'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:20 +00:00
Justas Brazauskas b91f98d9f1 Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2017-06-02 00:07:20 +00:00
Liron Levin 53c1cb81c0 Change authz plugin argument name
Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel a8a3c47ee5 Fixing documentation comments by @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel 00962f362b Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Liron Levin 67d3265c4b Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2017-06-02 00:07:20 +00:00
Dima Stopel 87f1223216 Adding authorization subsystem documentation
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Aaron Lehmann fa96356872 Update docs for addition of transfer manager
Closing the HTTP connection requesting a push or pull will cancel the
push or pull. This behavior also applies to the CLI.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:19 +00:00
Qiang Huang d9278dd4a8 Check minimum kernel memory limit to be 4M
Fixes: #18405

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:19 +00:00
Sambuddha Basu 93ce6fd9f5 The docs now explain that images with repo:tag as <none>:<none> are dangling images.
Signed-off-by: Sambuddha Basu <sambuddhabasu1@gmail.com>
2017-06-02 00:07:19 +00:00
Harald Albers b4a012656c Improve bash completion for `docker network disconnect`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn 7071c15b5f docs: markdown and textual fixups in reference/run.md
This fixes markdown formatting, and formatting of tables;

 - Our markdown engine doesn't support spanning rows, so
   re-wrapped table contents.
 - Added a CSS-styles to prevent "code" blocks in tables
   from wrapping
 - The "logging drivers" table didn't have a header
 - Aligned table borders in source code for better readability.
 - Standardize on using `-it` in stead of -i -t or -ti
 - Some markup issues
 - Some minor textual fixups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Jessica Frazelle ac40ecf711 update bash completion for seccomp
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:19 +00:00
Chris Weyl 66eef79e58 newtork -> network (minor spelling correction)
...yeah, that was bugging me. :)

Signed-off-by: Chris Weyl <cweyl@alumni.drew.edu>
2017-06-02 00:07:19 +00:00
Ma Shimiao 9480c4763d Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Ma Shimiao 7880dcf5f2 docs: fix weight-deivce option args
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Vincent Demeester c6162061d9 Add format flag to network inspect
…for consistency as docker inspect and docker volume inspect supports it too

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn c5f725e1c7 Address review comments.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Ben Firshman 22ce4b4448 Add docs and man page entry for --volume-driver
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2017-06-02 00:07:19 +00:00
Wen Cheng Ma deae0706ea Add NETWORK_NAME_or_ID value for --net= option
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn 178a2cfe7c update order and address review notes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
gwx296173 01c09480dc add examples in search.md
Signed-off-by: gwx296173 <gaojing3@huawei.com>
2017-06-02 00:07:19 +00:00
Antonio Murdaca e9287cd43a Add OomScoreAdj to configure container oom killer preferences
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:19 +00:00
Dan Walsh 65120e8851 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:18 +00:00
Pavel Pospisil 70efcb00b4 Improvement of docker top Man Page
Some users expect that the `docker top $CONT` command displays information from the inside container perspective.
They expect that the `docker top $CONT` command displays same information as the `docker exec $CONT ps -ef` command. But it does not.

That's why the `docker top` man page shall explicitly state that the `docker top $CONT` displays information from the host's point of view.

Signed-off-by: Pavel Pospisil <pospispa@gmail.com>
2017-06-02 00:07:18 +00:00
Doug Davis ecfc3613b2 Deprecate -f flag from docker tag
Closes #9798

@maintainers please note that this is a change to the UX. We no longer
require the -f flag on `docker tag` to move a tag from an existing image.
However, this does make us more consistent across our commands,
see https://github.com/docker/docker/issues/9798 for the history.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 67eea4d814 Add docs for option `--isolation`
Add docs for `run`/`create`/`build` command option `isolation`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Madhu Venugopal c072458308 Make discovery ttl and heartbeat configurable
Docker daemon uses kv-store as the host-discovery backend.
Discovery module tracks the liveness of a node through a simple
keepalive mechanism.  The keepalive mechanism depends on every
node performing heartbeat by registering itself with the discovery
module (via KV-Store Put operation). And for every Put operation,
the discovery module in all other nodes will receive a Watch
notification. That keeps the node alive.
Any node that fails to register itself within the TTL timer is
considered dead and removed from the discovery database.

The default timer (heartbeat = 20 seconds & ttl = 60 seconds)
works fine for small clusters.  But for large clusters, these
default timers are extremely aggressive and that causes high CPU
& most of the processing is spent managing the node discovery
and that impacts normal daemon operation.

Hence we need a way to make the discovery ttl and heartbeat
configurable.  As the cluster size grows, the user can change
these timers to make sure the daemon scales.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:18 +00:00
Kai Qiang Wu(Kennan) 4fbaeb5f25 Fixing the volume options doc
Fixes #15896
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:18 +00:00