mirror of https://github.com/docker/cli.git
Fix whitespace that caused short-format in generated YAML
If the markdown contains trailing spaces, or has tabs included,
the YAML generator uses a compact format for the text (using `\n`
and `\t`, instead of plain newlines).
The compact format makes it difficult to review changes in the
yaml docs when vendoring in the documentation repository.
This patch:
- removes trailing whitespace
- replaces tabs for spaces
- fixes some minor formatting and markdown issues
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f912deeec7
)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
c936ea9693
commit
9fd323afdc
|
@ -49,7 +49,7 @@ Options:
|
||||||
--no-cache Do not use cache when building the image
|
--no-cache Do not use cache when building the image
|
||||||
-o, --output Output destination (format: type=local,dest=path)
|
-o, --output Output destination (format: type=local,dest=path)
|
||||||
--pull Always attempt to pull a newer version of the image
|
--pull Always attempt to pull a newer version of the image
|
||||||
--progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty).
|
--progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty).
|
||||||
Use plain to show container output
|
Use plain to show container output
|
||||||
-q, --quiet Suppress the build output and print image ID on success
|
-q, --quiet Suppress the build output and print image ID on success
|
||||||
--rm Remove intermediate containers after a successful build (default true)
|
--rm Remove intermediate containers after a successful build (default true)
|
||||||
|
@ -431,7 +431,7 @@ $ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PRO
|
||||||
This flag allows you to pass the build-time variables that are
|
This flag allows you to pass the build-time variables that are
|
||||||
accessed like regular environment variables in the `RUN` instruction of the
|
accessed like regular environment variables in the `RUN` instruction of the
|
||||||
Dockerfile. Also, these values don't persist in the intermediate or final images
|
Dockerfile. Also, these values don't persist in the intermediate or final images
|
||||||
like `ENV` values do. You must add `--build-arg` for each build argument.
|
like `ENV` values do. You must add `--build-arg` for each build argument.
|
||||||
|
|
||||||
Using this flag will not alter the output you see when the `ARG` lines from the
|
Using this flag will not alter the output you see when the `ARG` lines from the
|
||||||
Dockerfile are echoed during the build process.
|
Dockerfile are echoed during the build process.
|
||||||
|
@ -533,7 +533,7 @@ path):
|
||||||
$ docker build --output type=local,dest=out .
|
$ docker build --output type=local,dest=out .
|
||||||
```
|
```
|
||||||
|
|
||||||
Use the `tar` type to export the files as a `.tar` archive:
|
Use the `tar` type to export the files as a `.tar` archive:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker build --output type=tar,dest=out.tar .
|
$ docker build --output type=tar,dest=out.tar .
|
||||||
|
|
|
@ -821,7 +821,7 @@ C:\> dockerd --storage-opt size=40G
|
||||||
|
|
||||||
##### `lcow.globalmode`
|
##### `lcow.globalmode`
|
||||||
|
|
||||||
Specifies whether the daemon instantiates utility VM instances as required
|
Specifies whether the daemon instantiates utility VM instances as required
|
||||||
(recommended and default if omitted), or uses single global utility VM (better
|
(recommended and default if omitted), or uses single global utility VM (better
|
||||||
performance, but has security implications and not recommended for production
|
performance, but has security implications and not recommended for production
|
||||||
deployments).
|
deployments).
|
||||||
|
@ -1071,7 +1071,7 @@ system's list of trusted CAs instead of enabling `--insecure-registry`.
|
||||||
|
|
||||||
#### Legacy Registries
|
#### Legacy Registries
|
||||||
|
|
||||||
Starting with Docker 17.12, operations against registries supporting only the
|
Starting with Docker 17.12, operations against registries supporting only the
|
||||||
legacy v1 protocol are no longer supported. Specifically, the daemon will not
|
legacy v1 protocol are no longer supported. Specifically, the daemon will not
|
||||||
attempt `push`, `pull` and `login` to v1 registries. The exception to this is
|
attempt `push`, `pull` and `login` to v1 registries. The exception to this is
|
||||||
`search` which can still be performed on v1 registries.
|
`search` which can still be performed on v1 registries.
|
||||||
|
@ -1446,8 +1446,8 @@ This is a full example of the allowed configuration options on Windows:
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Feature options
|
#### Feature options
|
||||||
The optional field `features` in `daemon.json` allows users to enable or disable specific
|
The optional field `features` in `daemon.json` allows users to enable or disable specific
|
||||||
daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the
|
daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the
|
||||||
default docker image builder.
|
default docker image builder.
|
||||||
|
|
||||||
The list of currently supported feature options:
|
The list of currently supported feature options:
|
||||||
|
|
|
@ -31,11 +31,11 @@ Options:
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
Use `docker events` to get real-time events from the server. These events differ
|
Use `docker events` to get real-time events from the server. These events differ
|
||||||
per Docker object type. Different event types have different scopes. Local
|
per Docker object type. Different event types have different scopes. Local
|
||||||
scoped events are only seen on the node they take place on, and swarm scoped
|
scoped events are only seen on the node they take place on, and swarm scoped
|
||||||
events are seen on all managers.
|
events are seen on all managers.
|
||||||
|
|
||||||
Only the last 1000 log events are returned. You can use filters to further limit
|
Only the last 1000 log events are returned. You can use filters to further limit
|
||||||
the number of events returned.
|
the number of events returned.
|
||||||
|
|
||||||
### Object types
|
### Object types
|
||||||
|
@ -165,7 +165,7 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
|
||||||
seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
|
seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
|
||||||
fraction of a second no more than nine digits long.
|
fraction of a second no more than nine digits long.
|
||||||
|
|
||||||
Only the last 1000 log events are returned. You can use filters to further limit
|
Only the last 1000 log events are returned. You can use filters to further limit
|
||||||
the number of events returned.
|
the number of events returned.
|
||||||
|
|
||||||
#### Filtering
|
#### Filtering
|
||||||
|
@ -207,7 +207,7 @@ format. Go's [text/template](http://golang.org/pkg/text/template/) package
|
||||||
describes all the details of the format.
|
describes all the details of the format.
|
||||||
|
|
||||||
If a format is set to `{{json .}}`, the events are streamed as valid JSON
|
If a format is set to `{{json .}}`, the events are streamed as valid JSON
|
||||||
Lines. For information about JSON Lines, please refer to http://jsonlines.org/ .
|
Lines. For information about JSON Lines, please refer to http://jsonlines.org/.
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
|
@ -410,12 +410,12 @@ Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299
|
||||||
|
|
||||||
#### Format as JSON
|
#### Format as JSON
|
||||||
|
|
||||||
```none
|
```bash
|
||||||
$ docker events --format '{{json .}}'
|
$ docker events --format '{{json .}}'
|
||||||
|
|
||||||
{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||||
{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||||
{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
|
{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
|
||||||
{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
|
{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
|
||||||
{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||||
```
|
```
|
||||||
|
|
|
@ -29,7 +29,7 @@ Options:
|
||||||
--privileged Give extended privileges to the command
|
--privileged Give extended privileges to the command
|
||||||
-t, --tty Allocate a pseudo-TTY
|
-t, --tty Allocate a pseudo-TTY
|
||||||
-u, --user Username or UID (format: <name|uid>[:<group|gid>])
|
-u, --user Username or UID (format: <name|uid>[:<group|gid>])
|
||||||
-w, --workdir Working directory inside the container
|
-w, --workdir Working directory inside the container
|
||||||
```
|
```
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
@ -83,8 +83,8 @@ Next, set an environment variable in the current bash session.
|
||||||
$ docker exec -it -e VAR=1 ubuntu_bash bash
|
$ docker exec -it -e VAR=1 ubuntu_bash bash
|
||||||
```
|
```
|
||||||
|
|
||||||
This will create a new Bash session in the container `ubuntu_bash` with environment
|
This will create a new Bash session in the container `ubuntu_bash` with environment
|
||||||
variable `$VAR` set to "1". Note that this environment variable will only be valid
|
variable `$VAR` set to "1". Note that this environment variable will only be valid
|
||||||
on the current Bash session.
|
on the current Bash session.
|
||||||
|
|
||||||
By default `docker exec` command runs in the same working directory set when container was created.
|
By default `docker exec` command runs in the same working directory set when container was created.
|
||||||
|
|
|
@ -106,7 +106,7 @@ Server:
|
||||||
myinsecurehost:5000
|
myinsecurehost:5000
|
||||||
127.0.0.0/8
|
127.0.0.0/8
|
||||||
```
|
```
|
||||||
|
|
||||||
### Show debugging output
|
### Show debugging output
|
||||||
|
|
||||||
Here is a sample output for a daemon running on Ubuntu, using the overlay2
|
Here is a sample output for a daemon running on Ubuntu, using the overlay2
|
||||||
|
|
|
@ -32,6 +32,8 @@ Options:
|
||||||
|
|
||||||
Login to a registry.
|
Login to a registry.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
### Login to a self-hosted registry
|
### Login to a self-hosted registry
|
||||||
|
|
||||||
If you want to login to a self-hosted registry you can specify this by
|
If you want to login to a self-hosted registry you can specify this by
|
||||||
|
@ -94,7 +96,7 @@ For example, to use `docker-credential-osxkeychain`:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"credsStore": "osxkeychain"
|
"credsStore": "osxkeychain"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -124,9 +126,9 @@ or an identity token.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"ServerURL": "https://index.docker.io/v1",
|
"ServerURL": "https://index.docker.io/v1",
|
||||||
"Username": "david",
|
"Username": "david",
|
||||||
"Secret": "passw0rd1"
|
"Secret": "passw0rd1"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -145,8 +147,8 @@ and password from this payload:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"Username": "david",
|
"Username": "david",
|
||||||
"Secret": "passw0rd1"
|
"Secret": "passw0rd1"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -43,8 +43,8 @@ more (ideally more than one) image names. It can then be used in the same way as
|
||||||
an image name in `docker pull` and `docker run` commands, for example.
|
an image name in `docker pull` and `docker run` commands, for example.
|
||||||
|
|
||||||
Ideally a manifest list is created from images that are identical in function for
|
Ideally a manifest list is created from images that are identical in function for
|
||||||
different os/arch combinations. For this reason, manifest lists are often referred to as
|
different os/arch combinations. For this reason, manifest lists are often referred
|
||||||
"multi-arch images". However, a user could create a manifest list that points
|
to as "multi-arch images". However, a user could create a manifest list that points
|
||||||
to two images -- one for windows on amd64, and one for darwin on amd64.
|
to two images -- one for windows on amd64, and one for darwin on amd64.
|
||||||
|
|
||||||
### manifest inspect
|
### manifest inspect
|
||||||
|
@ -62,7 +62,7 @@ Options:
|
||||||
-v, --verbose Output additional info including layers and platform
|
-v, --verbose Output additional info including layers and platform
|
||||||
```
|
```
|
||||||
|
|
||||||
### manifest create
|
### manifest create
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]
|
Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]
|
||||||
|
@ -76,6 +76,7 @@ Options:
|
||||||
```
|
```
|
||||||
|
|
||||||
### manifest annotate
|
### manifest annotate
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
|
Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
|
||||||
|
|
||||||
|
@ -91,6 +92,7 @@ Options:
|
||||||
```
|
```
|
||||||
|
|
||||||
### manifest push
|
### manifest push
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
Usage: docker manifest push [OPTIONS] MANIFEST_LIST
|
Usage: docker manifest push [OPTIONS] MANIFEST_LIST
|
||||||
|
|
||||||
|
@ -104,12 +106,21 @@ Options:
|
||||||
|
|
||||||
### Working with insecure registries
|
### Working with insecure registries
|
||||||
|
|
||||||
The manifest command interacts solely with a Docker registry. Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some `docker manifest` commands have an `--insecure` flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a `manifest push` to an insecure registry, the `--insecure` flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements.
|
The manifest command interacts solely with a Docker registry. Because of this,
|
||||||
|
it has no way to query the engine for the list of allowed insecure registries.
|
||||||
|
To allow the CLI to interact with an insecure registry, some `docker manifest`
|
||||||
|
commands have an `--insecure` flag. For each transaction, such as a `create`,
|
||||||
|
which queries a registry, the `--insecure` flag must be specified. This flag
|
||||||
|
tells the CLI that this registry call may ignore security concerns like missing
|
||||||
|
or self-signed certificates. Likewise, on a `manifest push` to an insecure
|
||||||
|
registry, the `--insecure` flag must be specified. If this is not used with an
|
||||||
|
insecure registry, the manifest command fails to find a registry that meets the
|
||||||
|
default requirements.
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
### Inspect an image's manifest object
|
### Inspect an image's manifest object
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker manifest inspect hello-world
|
$ docker manifest inspect hello-world
|
||||||
{
|
{
|
||||||
|
@ -136,7 +147,7 @@ The `docker manifest inspect` command takes an optional `--verbose` flag
|
||||||
that gives you the image's name (Ref), and architecture and os (Platform).
|
that gives you the image's name (Ref), and architecture and os (Platform).
|
||||||
|
|
||||||
Just as with other docker commands that take image names, you can refer to an image with or
|
Just as with other docker commands that take image names, you can refer to an image with or
|
||||||
without a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f).
|
without a tag, or by digest (e.g. `hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f`).
|
||||||
|
|
||||||
Here is an example of inspecting an image's manifest with the `--verbose` flag:
|
Here is an example of inspecting an image's manifest with the `--verbose` flag:
|
||||||
|
|
||||||
|
@ -170,17 +181,19 @@ $ docker manifest inspect --verbose hello-world
|
||||||
|
|
||||||
### Create and push a manifest list
|
### Create and push a manifest list
|
||||||
|
|
||||||
To create a manifest list, you first `create` the manifest list locally by specifying the constituent images you would
|
To create a manifest list, you first `create` the manifest list locally by
|
||||||
like to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push
|
specifying the constituent images you would like to have included in your
|
||||||
to a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port.
|
manifest list. Keep in mind that this is pushed to a registry, so if you want to
|
||||||
|
push to a registry other than the docker registry, you need to create your
|
||||||
|
manifest list with the registry name or IP and port.
|
||||||
This is similar to tagging an image and pushing it to a foreign registry.
|
This is similar to tagging an image and pushing it to a foreign registry.
|
||||||
|
|
||||||
After you have created your local copy of the manifest list, you may optionally
|
After you have created your local copy of the manifest list, you may optionally
|
||||||
`annotate` it. Annotations allowed are the architecture and operating system (overriding the image's current values),
|
`annotate` it. Annotations allowed are the architecture and operating system
|
||||||
os features, and an architecture variant.
|
(overriding the image's current values), os features, and an architecture variant.
|
||||||
|
|
||||||
Finally, you need to `push` your manifest list to the desired registry. Below are descriptions of these three commands,
|
Finally, you need to `push` your manifest list to the desired registry. Below are
|
||||||
and an example putting them all together.
|
descriptions of these three commands, and an example putting them all together.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
$ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
||||||
|
@ -188,6 +201,7 @@ $ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
||||||
45.55.81.106:5000/coolapp-arm-linux:v1 \
|
45.55.81.106:5000/coolapp-arm-linux:v1 \
|
||||||
45.55.81.106:5000/coolapp-amd64-linux:v1 \
|
45.55.81.106:5000/coolapp-amd64-linux:v1 \
|
||||||
45.55.81.106:5000/coolapp-amd64-windows:v1
|
45.55.81.106:5000/coolapp-amd64-windows:v1
|
||||||
|
|
||||||
Created manifest list 45.55.81.106:5000/coolapp:v1
|
Created manifest list 45.55.81.106:5000/coolapp:v1
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -255,9 +269,10 @@ $ docker manifest inspect coolapp:v1
|
||||||
|
|
||||||
### Push to an insecure registry
|
### Push to an insecure registry
|
||||||
|
|
||||||
Here is an example of creating and pushing a manifest list using a known insecure registry.
|
Here is an example of creating and pushing a manifest list using a known
|
||||||
|
insecure registry.
|
||||||
|
|
||||||
```
|
```bash
|
||||||
$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \
|
$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \
|
||||||
myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \
|
myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \
|
||||||
myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \
|
myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \
|
||||||
|
@ -265,10 +280,13 @@ $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1
|
||||||
myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \
|
myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \
|
||||||
myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \
|
myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \
|
||||||
myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0
|
myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0
|
||||||
```
|
|
||||||
```
|
|
||||||
$ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag
|
$ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that the `--insecure` flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the `--insecure` flag if you are performing a `docker manifest inspect` on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a `docker pull`.
|
> **Note**: the `--insecure` flag is not required to annotate a manifest list,
|
||||||
|
> since annotations are to a locally-stored copy of a manifest list. You may also
|
||||||
|
> skip the `--insecure` flag if you are performing a `docker manifest inspect`
|
||||||
|
> on a locally-stored manifest list. Be sure to keep in mind that locally-stored
|
||||||
|
> manifest lists are never used by the engine on a `docker pull`.
|
||||||
|
|
||||||
|
|
|
@ -192,7 +192,7 @@ The following filter matches all user defined networks:
|
||||||
```bash
|
```bash
|
||||||
$ docker network ls --filter type=custom
|
$ docker network ls --filter type=custom
|
||||||
NETWORK ID NAME DRIVER SCOPE
|
NETWORK ID NAME DRIVER SCOPE
|
||||||
95e74588f40d foo bridge local
|
95e74588f40d foo bridge local
|
||||||
63d1ff1f77b0 dev bridge local
|
63d1ff1f77b0 dev bridge local
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -42,87 +42,94 @@ details of the format.
|
||||||
|
|
||||||
### Inspect a node
|
### Inspect a node
|
||||||
|
|
||||||
```none
|
```bash
|
||||||
$ docker node inspect swarm-manager
|
$ docker node inspect swarm-manager
|
||||||
|
```
|
||||||
|
|
||||||
|
```json
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
"ID": "e216jshn25ckzbvmwlnh5jr3g",
|
"ID": "e216jshn25ckzbvmwlnh5jr3g",
|
||||||
"Version": {
|
"Version": {
|
||||||
"Index": 10
|
"Index": 10
|
||||||
},
|
},
|
||||||
"CreatedAt": "2017-05-16T22:52:44.9910662Z",
|
"CreatedAt": "2017-05-16T22:52:44.9910662Z",
|
||||||
"UpdatedAt": "2017-05-16T22:52:45.230878043Z",
|
"UpdatedAt": "2017-05-16T22:52:45.230878043Z",
|
||||||
"Spec": {
|
"Spec": {
|
||||||
"Role": "manager",
|
"Role": "manager",
|
||||||
"Availability": "active"
|
"Availability": "active"
|
||||||
},
|
},
|
||||||
"Description": {
|
"Description": {
|
||||||
"Hostname": "swarm-manager",
|
"Hostname": "swarm-manager",
|
||||||
"Platform": {
|
"Platform": {
|
||||||
"Architecture": "x86_64",
|
"Architecture": "x86_64",
|
||||||
"OS": "linux"
|
"OS": "linux"
|
||||||
},
|
},
|
||||||
"Resources": {
|
"Resources": {
|
||||||
"NanoCPUs": 1000000000,
|
"NanoCPUs": 1000000000,
|
||||||
"MemoryBytes": 1039843328
|
"MemoryBytes": 1039843328
|
||||||
},
|
},
|
||||||
"Engine": {
|
"Engine": {
|
||||||
"EngineVersion": "17.06.0-ce",
|
"EngineVersion": "17.06.0-ce",
|
||||||
"Plugins": [
|
"Plugins": [
|
||||||
{
|
{
|
||||||
"Type": "Volume",
|
"Type": "Volume",
|
||||||
"Name": "local"
|
"Name": "local"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Type": "Network",
|
"Type": "Network",
|
||||||
"Name": "overlay"
|
"Name": "overlay"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Type": "Network",
|
"Type": "Network",
|
||||||
"Name": "null"
|
"Name": "null"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Type": "Network",
|
"Type": "Network",
|
||||||
"Name": "host"
|
"Name": "host"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Type": "Network",
|
"Type": "Network",
|
||||||
"Name": "bridge"
|
"Name": "bridge"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Type": "Network",
|
"Type": "Network",
|
||||||
"Name": "overlay"
|
"Name": "overlay"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"TLSInfo": {
|
"TLSInfo": {
|
||||||
"TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n",
|
"TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n",
|
||||||
"CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh",
|
"CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh",
|
||||||
"CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ=="
|
"CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ=="
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"Status": {
|
"Status": {
|
||||||
"State": "ready",
|
"State": "ready",
|
||||||
"Addr": "168.0.32.137"
|
"Addr": "168.0.32.137"
|
||||||
},
|
},
|
||||||
"ManagerStatus": {
|
"ManagerStatus": {
|
||||||
"Leader": true,
|
"Leader": true,
|
||||||
"Reachability": "reachable",
|
"Reachability": "reachable",
|
||||||
"Addr": "168.0.32.137:2377"
|
"Addr": "168.0.32.137:2377"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
### Specify an output format
|
### Specify an output format
|
||||||
|
|
||||||
```none
|
```bash
|
||||||
$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
|
$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
|
||||||
|
|
||||||
false
|
false
|
||||||
|
```
|
||||||
|
|
||||||
|
Use `--format=pretty` or the `--pretty` shorthand to pretty-print the output:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ docker node inspect --format=pretty self
|
||||||
|
|
||||||
$ docker node inspect --pretty self
|
|
||||||
ID: e216jshn25ckzbvmwlnh5jr3g
|
ID: e216jshn25ckzbvmwlnh5jr3g
|
||||||
Hostname: swarm-manager
|
Hostname: swarm-manager
|
||||||
Joined at: 2017-05-16 22:52:44.9910662 +0000 utc
|
Joined at: 2017-05-16 22:52:44.9910662 +0000 utc
|
||||||
|
@ -157,8 +164,8 @@ PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3
|
||||||
zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==
|
zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==
|
Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==
|
||||||
Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh
|
Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh
|
||||||
```
|
```
|
||||||
|
|
||||||
## Related commands
|
## Related commands
|
||||||
|
|
|
@ -162,7 +162,7 @@ The following example uses a template without headers and outputs the
|
||||||
```bash
|
```bash
|
||||||
$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}"
|
$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}"
|
||||||
e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready
|
e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready
|
||||||
35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation
|
35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -87,7 +87,7 @@ e90b8831a4b8 nginx "/bin/bash -c 'mkdir " 11 weeks ago Up 4 hours
|
||||||
```
|
```
|
||||||
* The "size" information shows the amount of data (on disk) that is used for the _writable_ layer of each container
|
* The "size" information shows the amount of data (on disk) that is used for the _writable_ layer of each container
|
||||||
* The "virtual size" is the total amount of disk-space used for the read-only _image_ data used by the container and the writable layer.
|
* The "virtual size" is the total amount of disk-space used for the read-only _image_ data used by the container and the writable layer.
|
||||||
|
|
||||||
For more information, refer to the [container size on disk](https://docs.docker.com/storage/storagedriver/#container-size-on-disk) section.
|
For more information, refer to the [container size on disk](https://docs.docker.com/storage/storagedriver/#container-size-on-disk) section.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -36,9 +36,9 @@ image and tag names.
|
||||||
Killing the `docker push` process, for example by pressing `CTRL-c` while it is
|
Killing the `docker push` process, for example by pressing `CTRL-c` while it is
|
||||||
running in a terminal, terminates the push operation.
|
running in a terminal, terminates the push operation.
|
||||||
|
|
||||||
Progress bars are shown during docker push, which show the uncompressed size. The
|
Progress bars are shown during docker push, which show the uncompressed size.
|
||||||
actual amount of data that's pushed will be compressed before sending, so the uploaded
|
The actual amount of data that's pushed will be compressed before sending, so
|
||||||
size will not be reflected by the progress bar.
|
the uploaded size will not be reflected by the progress bar.
|
||||||
|
|
||||||
Registry credentials are managed by [docker login](login.md).
|
Registry credentials are managed by [docker login](login.md).
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ This example displays images with a name containing 'busybox':
|
||||||
$ docker search busybox
|
$ docker search busybox
|
||||||
|
|
||||||
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
||||||
busybox Busybox base image. 316 [OK]
|
busybox Busybox base image. 316 [OK]
|
||||||
progrium/busybox 50 [OK]
|
progrium/busybox 50 [OK]
|
||||||
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
|
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
|
||||||
odise/busybox-python 2 [OK]
|
odise/busybox-python 2 [OK]
|
||||||
|
@ -85,7 +85,7 @@ at least 3 stars and the description isn't truncated in the output:
|
||||||
```bash
|
```bash
|
||||||
$ docker search --filter=stars=3 --no-trunc busybox
|
$ docker search --filter=stars=3 --no-trunc busybox
|
||||||
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
||||||
busybox Busybox base image. 325 [OK]
|
busybox Busybox base image. 325 [OK]
|
||||||
progrium/busybox 50 [OK]
|
progrium/busybox 50 [OK]
|
||||||
radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK]
|
radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK]
|
||||||
```
|
```
|
||||||
|
@ -115,7 +115,7 @@ least 3 stars:
|
||||||
$ docker search --filter stars=3 busybox
|
$ docker search --filter stars=3 busybox
|
||||||
|
|
||||||
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
||||||
busybox Busybox base image. 325 [OK]
|
busybox Busybox base image. 325 [OK]
|
||||||
progrium/busybox 50 [OK]
|
progrium/busybox 50 [OK]
|
||||||
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
|
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
|
||||||
```
|
```
|
||||||
|
@ -193,10 +193,10 @@ $ docker search --format "table {{.Name}}\t{{.IsAutomated}}\t{{.IsOfficial}}" ng
|
||||||
|
|
||||||
NAME AUTOMATED OFFICIAL
|
NAME AUTOMATED OFFICIAL
|
||||||
nginx [OK]
|
nginx [OK]
|
||||||
jwilder/nginx-proxy [OK]
|
jwilder/nginx-proxy [OK]
|
||||||
richarvey/nginx-php-fpm [OK]
|
richarvey/nginx-php-fpm [OK]
|
||||||
jrcs/letsencrypt-nginx-proxy-companion [OK]
|
jrcs/letsencrypt-nginx-proxy-companion [OK]
|
||||||
million12/nginx-php [OK]
|
million12/nginx-php [OK]
|
||||||
webdevops/php-nginx [OK]
|
webdevops/php-nginx [OK]
|
||||||
{% endraw %}
|
{% endraw %}
|
||||||
```
|
```
|
||||||
|
|
|
@ -724,7 +724,7 @@ After adding the `region=east` label to a node in the cluster, the service
|
||||||
reconciles, and the desired number of replicas are deployed:
|
reconciles, and the desired number of replicas are deployed:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l
|
$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l
|
||||||
yswe2dm4c5fdgtsrli1e8ya5l
|
yswe2dm4c5fdgtsrli1e8ya5l
|
||||||
|
|
||||||
$ docker service ls
|
$ docker service ls
|
||||||
|
@ -925,7 +925,7 @@ The swarm extends my-network to each node running the service.
|
||||||
Containers on the same network can access each other using
|
Containers on the same network can access each other using
|
||||||
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
|
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
|
||||||
|
|
||||||
Long form syntax of `--network` allows to specify list of aliases and driver options:
|
Long form syntax of `--network` allows to specify list of aliases and driver options:
|
||||||
`--network name=my-network,alias=web1,driver-opt=field1=value1`
|
`--network name=my-network,alias=web1,driver-opt=field1=value1`
|
||||||
|
|
||||||
### Publish service ports externally to the swarm (-p, --publish)
|
### Publish service ports externally to the swarm (-p, --publish)
|
||||||
|
|
|
@ -123,21 +123,21 @@ JSON output, by using the `--pretty` option:
|
||||||
```bash
|
```bash
|
||||||
$ docker service inspect --pretty frontend
|
$ docker service inspect --pretty frontend
|
||||||
|
|
||||||
ID: c8wgl7q4ndfd52ni6qftkvnnp
|
ID: c8wgl7q4ndfd52ni6qftkvnnp
|
||||||
Name: frontend
|
Name: frontend
|
||||||
Labels:
|
Labels:
|
||||||
- org.example.projectname=demo-app
|
- org.example.projectname=demo-app
|
||||||
Service Mode: REPLICATED
|
Service Mode: REPLICATED
|
||||||
Replicas: 5
|
Replicas: 5
|
||||||
Placement:
|
Placement:
|
||||||
UpdateConfig:
|
UpdateConfig:
|
||||||
Parallelism: 0
|
Parallelism: 0
|
||||||
On failure: pause
|
On failure: pause
|
||||||
Max failure ratio: 0
|
Max failure ratio: 0
|
||||||
ContainerSpec:
|
ContainerSpec:
|
||||||
Image: nginx:alpine
|
Image: nginx:alpine
|
||||||
Resources:
|
Resources:
|
||||||
Networks: net1
|
Networks: net1
|
||||||
Endpoint Mode: vip
|
Endpoint Mode: vip
|
||||||
Ports:
|
Ports:
|
||||||
PublishedPort = 4443
|
PublishedPort = 4443
|
||||||
|
|
|
@ -149,12 +149,12 @@ the port is configured:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker info
|
docker info
|
||||||
...
|
...
|
||||||
ClusterID: 9vs5ygs0gguyyec4iqf2314c0
|
ClusterID: 9vs5ygs0gguyyec4iqf2314c0
|
||||||
Managers: 1
|
Managers: 1
|
||||||
Nodes: 1
|
Nodes: 1
|
||||||
Data Path Port: 7777
|
Data Path Port: 7777
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
### `--default-addr-pool`
|
### `--default-addr-pool`
|
||||||
|
|
|
@ -378,8 +378,8 @@ SIGNED TAG DIGEST
|
||||||
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
|
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
|
||||||
|
|
||||||
Administrative keys for alpine:latest:
|
Administrative keys for alpine:latest:
|
||||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||||
```
|
```
|
||||||
|
|
||||||
The `SIGNED TAG` is the signed image tag with a unique content-addressable
|
The `SIGNED TAG` is the signed image tag with a unique content-addressable
|
||||||
|
@ -406,8 +406,8 @@ bob 034370bcbd77, 82a66673242c
|
||||||
carol b6f9f8e1aab0
|
carol b6f9f8e1aab0
|
||||||
|
|
||||||
Administrative keys for my-image:
|
Administrative keys for my-image:
|
||||||
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
||||||
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
||||||
```
|
```
|
||||||
|
|
||||||
However, if other tags are signed in the same image repository,
|
However, if other tags are signed in the same image repository,
|
||||||
|
@ -420,8 +420,8 @@ No signatures for alpine:unsigned
|
||||||
|
|
||||||
|
|
||||||
Administrative keys for alpine:unsigned:
|
Administrative keys for alpine:unsigned:
|
||||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||||
```
|
```
|
||||||
|
|
||||||
### Get details about signatures for all image tags in a repository
|
### Get details about signatures for all image tags in a repository
|
||||||
|
@ -441,8 +441,8 @@ edge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1
|
||||||
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
|
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
|
||||||
|
|
||||||
Administrative keys for alpine:
|
Administrative keys for alpine:
|
||||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||||
```
|
```
|
||||||
|
|
||||||
Here's an example with signers that are set up by `docker trust` commands:
|
Here's an example with signers that are set up by `docker trust` commands:
|
||||||
|
@ -465,6 +465,6 @@ bob 034370bcbd77, 82a66673242c
|
||||||
carol b6f9f8e1aab0
|
carol b6f9f8e1aab0
|
||||||
|
|
||||||
Administrative keys for my-image:
|
Administrative keys for my-image:
|
||||||
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
||||||
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
||||||
```
|
```
|
||||||
|
|
|
@ -43,7 +43,6 @@ Repeat passphrase for new alice key with ID 17acf3c:
|
||||||
Successfully generated and loaded private key. Corresponding public key available: alice.pub
|
Successfully generated and loaded private key. Corresponding public key available: alice.pub
|
||||||
$ ls
|
$ ls
|
||||||
alice.pub
|
alice.pub
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The private signing key is encrypted by the passphrase and loaded into the docker trust keystore.
|
The private signing key is encrypted by the passphrase and loaded into the docker trust keystore.
|
||||||
|
@ -63,5 +62,4 @@ Repeat passphrase for new alice key with ID 17acf3c:
|
||||||
Successfully generated and loaded private key. Corresponding public key available: alice.pub
|
Successfully generated and loaded private key. Corresponding public key available: alice.pub
|
||||||
$ ls /foo
|
$ ls /foo
|
||||||
alice.pub
|
alice.pub
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
|
@ -27,7 +27,9 @@ Options:
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`.
|
`docker trust key load` adds private keys to the local docker trust keystore.
|
||||||
|
|
||||||
|
To add a signer to a repository use `docker trust signer add`.
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
|
@ -39,19 +41,18 @@ For a private key `alice.pem` with permissions `-rw-------`
|
||||||
$ docker trust key load alice.pem
|
$ docker trust key load alice.pem
|
||||||
|
|
||||||
Loading key from "alice.pem"...
|
Loading key from "alice.pem"...
|
||||||
Enter passphrase for new signer key with ID f8097df:
|
Enter passphrase for new signer key with ID f8097df:
|
||||||
Repeat passphrase for new signer key with ID f8097df:
|
Repeat passphrase for new signer key with ID f8097df:
|
||||||
Successfully imported key from alice.pem
|
Successfully imported key from alice.pem
|
||||||
|
|
||||||
```
|
```
|
||||||
to specify a name use the `--name` flag
|
|
||||||
|
To specify a name use the `--name` flag:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust key load --name alice-key alice.pem
|
$ docker trust key load --name alice-key alice.pem
|
||||||
|
|
||||||
Loading key from "alice.pem"...
|
Loading key from "alice.pem"...
|
||||||
Enter passphrase for new alice-key key with ID f8097df:
|
Enter passphrase for new alice-key key with ID f8097df:
|
||||||
Repeat passphrase for new alice-key key with ID f8097df:
|
Repeat passphrase for new alice-key key with ID f8097df:
|
||||||
Successfully imported key from alice.pem
|
Successfully imported key from alice.pem
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
|
@ -49,8 +49,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
When `alice`, one of the signers, runs `docker trust revoke`:
|
When `alice`, one of the signers, runs `docker trust revoke`:
|
||||||
|
@ -75,8 +75,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
### Revoke signatures on all tags in a repository
|
### Revoke signatures on all tags in a repository
|
||||||
|
@ -96,8 +96,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
When `alice`, one of the signers, runs `docker trust revoke`:
|
When `alice`, one of the signers, runs `docker trust revoke`:
|
||||||
|
@ -124,7 +124,7 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -42,8 +42,8 @@ SIGNED TAG DIGEST
|
||||||
v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin)
|
v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin)
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
||||||
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
||||||
```
|
```
|
||||||
|
|
||||||
Sign a new tag with `docker trust sign`:
|
Sign a new tag with `docker trust sign`:
|
||||||
|
@ -65,7 +65,7 @@ Enter passphrase for repository key with ID 36d4c36:
|
||||||
Successfully signed docker.io/example/trust-demo:v2
|
Successfully signed docker.io/example/trust-demo:v2
|
||||||
```
|
```
|
||||||
|
|
||||||
`docker trust view` lists the new signature:
|
Use `docker trust view` to list the new signature:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo
|
$ docker trust view example/trust-demo
|
||||||
|
@ -74,8 +74,8 @@ v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c8357
|
||||||
v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin)
|
v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin)
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
||||||
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
||||||
```
|
```
|
||||||
|
|
||||||
### Sign a tag as a signer
|
### Sign a tag as a signer
|
||||||
|
@ -95,8 +95,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
Sign a new tag with `docker trust sign`:
|
Sign a new tag with `docker trust sign`:
|
||||||
|
@ -130,8 +130,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
## Initialize a new repo and sign a tag
|
## Initialize a new repo and sign a tag
|
||||||
|
@ -178,7 +178,6 @@ SIGNER KEYS
|
||||||
alice 6d52b29d940f
|
alice 6d52b29d940f
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
||||||
Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ Options:
|
||||||
|
|
||||||
### Add a signer to a repo
|
### Add a signer to a repo
|
||||||
|
|
||||||
To add a new signer, `alice`, to this repository:
|
To add a new signer, `alice`, to this repository:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo
|
$ docker trust view example/trust-demo
|
||||||
|
@ -47,8 +47,8 @@ SIGNER KEYS
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
Add `alice` with `docker trust signer add`:
|
Add `alice` with `docker trust signer add`:
|
||||||
|
@ -56,8 +56,8 @@ Add `alice` with `docker trust signer add`:
|
||||||
```bash
|
```bash
|
||||||
$ docker trust signer add alice example/trust-demo --key alice.crt
|
$ docker trust signer add alice example/trust-demo --key alice.crt
|
||||||
Adding signer "alice" to example/trust-demo...
|
Adding signer "alice" to example/trust-demo...
|
||||||
Enter passphrase for repository key with ID 642692c:
|
Enter passphrase for repository key with ID 642692c:
|
||||||
Successfully added signer: alice to example/trust-demo
|
Successfully added signer: alice to example/trust-demo
|
||||||
```
|
```
|
||||||
|
|
||||||
`docker trust view` now lists `alice` as a valid signer:
|
`docker trust view` now lists `alice` as a valid signer:
|
||||||
|
@ -75,8 +75,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
## Initialize a new repo and add a signer
|
## Initialize a new repo and add a signer
|
||||||
|
@ -91,12 +91,12 @@ No signatures or cannot access example/trust-demo
|
||||||
```bash
|
```bash
|
||||||
$ docker trust signer add alice example/trust-demo --key alice.crt
|
$ docker trust signer add alice example/trust-demo --key alice.crt
|
||||||
Initializing signed repository for example/trust-demo...
|
Initializing signed repository for example/trust-demo...
|
||||||
Enter passphrase for root key with ID 748121c:
|
Enter passphrase for root key with ID 748121c:
|
||||||
Enter passphrase for new repository key with ID 95b9e55:
|
Enter passphrase for new repository key with ID 95b9e55:
|
||||||
Repeat passphrase for new repository key with ID 95b9e55:
|
Repeat passphrase for new repository key with ID 95b9e55:
|
||||||
Successfully initialized "example/trust-demo"
|
Successfully initialized "example/trust-demo"
|
||||||
|
|
||||||
Adding signer "alice" to example/trust-demo...
|
Adding signer "alice" to example/trust-demo...
|
||||||
Successfully added signer: alice to example/trust-demo
|
Successfully added signer: alice to example/trust-demo
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -114,13 +114,12 @@ SIGNER KEYS
|
||||||
alice 6d52b29d940f
|
alice 6d52b29d940f
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
||||||
Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
||||||
```
|
```
|
||||||
|
|
||||||
## Add a signer to multiple repos
|
## Add a signer to multiple repos
|
||||||
To add a signer, `alice`, to multiple repositories:
|
To add a signer, `alice`, to multiple repositories:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo
|
$ docker trust view example/trust-demo
|
||||||
SIGNED TAG DIGEST SIGNERS
|
SIGNED TAG DIGEST SIGNERS
|
||||||
|
@ -132,8 +131,8 @@ SIGNER KEYS
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo2
|
$ docker trust view example/trust-demo2
|
||||||
|
@ -146,19 +145,19 @@ SIGNER KEYS
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo2:
|
Administrative keys for example/trust-demo2:
|
||||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
Add `alice` to both repositories with a single `docker trust signer add` command:
|
Add `alice` to both repositories with a single `docker trust signer add` command:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt
|
$ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt
|
||||||
Adding signer "alice" to example/trust-demo...
|
Adding signer "alice" to example/trust-demo...
|
||||||
Enter passphrase for repository key with ID 95b9e55:
|
Enter passphrase for repository key with ID 95b9e55:
|
||||||
Successfully added signer: alice to example/trust-demo
|
Successfully added signer: alice to example/trust-demo
|
||||||
|
|
||||||
Adding signer "alice" to example/trust-demo2...
|
Adding signer "alice" to example/trust-demo2...
|
||||||
Enter passphrase for repository key with ID ece554f:
|
Enter passphrase for repository key with ID ece554f:
|
||||||
Successfully added signer: alice to example/trust-demo2
|
Successfully added signer: alice to example/trust-demo2
|
||||||
```
|
```
|
||||||
`docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`:
|
`docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`:
|
||||||
|
@ -176,8 +175,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo2
|
$ docker trust view example/trust-demo2
|
||||||
|
@ -191,8 +190,8 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo2:
|
Administrative keys for example/trust-demo2:
|
||||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -204,7 +203,7 @@ Adding signer "alice" to example/unauthorized...
|
||||||
you are not authorized to perform this operation: server returned 401.
|
you are not authorized to perform this operation: server returned 401.
|
||||||
|
|
||||||
Adding signer "alice" to example/authorized...
|
Adding signer "alice" to example/authorized...
|
||||||
Enter passphrase for repository key with ID c6772a0:
|
Enter passphrase for repository key with ID c6772a0:
|
||||||
Successfully added signer: alice to example/authorized
|
Successfully added signer: alice to example/authorized
|
||||||
|
|
||||||
Failed to add signer to: example/unauthorized
|
Failed to add signer to: example/unauthorized
|
||||||
|
|
|
@ -33,8 +33,7 @@ Options:
|
||||||
|
|
||||||
### Remove a signer from a repo
|
### Remove a signer from a repo
|
||||||
|
|
||||||
To remove an existing signer, `alice`, from this repository:
|
To remove an existing signer, `alice`, from this repository:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo
|
$ docker trust view example/trust-demo
|
||||||
|
|
||||||
|
@ -48,18 +47,18 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
Remove `alice` with `docker trust signer remove`:
|
Remove `alice` with `docker trust signer remove`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust signer remove alice example/trust-demo
|
$ docker trust signer remove alice example/trust-demo
|
||||||
Removing signer "alice" from image example/trust-demo...
|
|
||||||
Enter passphrase for repository key with ID 642692c:
|
|
||||||
Successfully removed alice from example/trust-demo
|
|
||||||
|
|
||||||
|
Removing signer "alice" from image example/trust-demo...
|
||||||
|
Enter passphrase for repository key with ID 642692c:
|
||||||
|
Successfully removed alice from example/trust-demo
|
||||||
```
|
```
|
||||||
|
|
||||||
`docker trust view` now does not list `alice` as a valid signer:
|
`docker trust view` now does not list `alice` as a valid signer:
|
||||||
|
@ -76,13 +75,13 @@ SIGNER KEYS
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
### Remove a signer from multiple repos
|
### Remove a signer from multiple repos
|
||||||
|
|
||||||
To remove an existing signer, `alice`, from multiple repositories:
|
To remove an existing signer, `alice`, from multiple repositories:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo
|
$ docker trust view example/trust-demo
|
||||||
|
@ -96,9 +95,10 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo2
|
$ docker trust view example/trust-demo2
|
||||||
SIGNED TAG DIGEST SIGNERS
|
SIGNED TAG DIGEST SIGNERS
|
||||||
|
@ -111,22 +111,27 @@ alice 05e87edcaecb
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo2:
|
Administrative keys for example/trust-demo2:
|
||||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
Remove `alice` from both images with a single `docker trust signer remove` command:
|
Remove `alice` from both images with a single `docker trust signer remove` command:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust signer remove alice example/trust-demo example/trust-demo2
|
$ docker trust signer remove alice example/trust-demo example/trust-demo2
|
||||||
|
|
||||||
Removing signer "alice" from image example/trust-demo...
|
Removing signer "alice" from image example/trust-demo...
|
||||||
Enter passphrase for repository key with ID 95b9e55:
|
Enter passphrase for repository key with ID 95b9e55:
|
||||||
Successfully removed alice from example/trust-demo
|
Successfully removed alice from example/trust-demo
|
||||||
|
|
||||||
Removing signer "alice" from image example/trust-demo2...
|
Removing signer "alice" from image example/trust-demo2...
|
||||||
Enter passphrase for repository key with ID ece554f:
|
Enter passphrase for repository key with ID ece554f:
|
||||||
Successfully removed alice from example/trust-demo2
|
Successfully removed alice from example/trust-demo2
|
||||||
```
|
```
|
||||||
`docker trust view` no longer lists `alice` as a valid signer of either `example/trust-demo` or `example/trust-demo2`:
|
|
||||||
|
Run `docker trust view` to confirm that `alice` is no longer listed as a valid
|
||||||
|
signer of either `example/trust-demo` or `example/trust-demo2`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo
|
$ docker trust view example/trust-demo
|
||||||
SIGNED TAG DIGEST SIGNERS
|
SIGNED TAG DIGEST SIGNERS
|
||||||
|
@ -138,9 +143,10 @@ SIGNER KEYS
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo:
|
Administrative keys for example/trust-demo:
|
||||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust view example/trust-demo2
|
$ docker trust view example/trust-demo2
|
||||||
SIGNED TAG DIGEST SIGNERS
|
SIGNED TAG DIGEST SIGNERS
|
||||||
|
@ -152,19 +158,22 @@ SIGNER KEYS
|
||||||
bob 5600f5ab76a2
|
bob 5600f5ab76a2
|
||||||
|
|
||||||
Administrative keys for example/trust-demo2:
|
Administrative keys for example/trust-demo2:
|
||||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||||
```
|
```
|
||||||
|
|
||||||
`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:
|
`docker trust signer remove` removes signers to repositories on a best effort
|
||||||
|
basis, so it will continue to remove the signer from subsequent repositories if
|
||||||
|
one attempt fails:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker trust signer remove alice example/unauthorized example/authorized
|
$ docker trust signer remove alice example/unauthorized example/authorized
|
||||||
|
|
||||||
Removing signer "alice" from image example/unauthorized...
|
Removing signer "alice" from image example/unauthorized...
|
||||||
No signer alice for image example/unauthorized
|
No signer alice for image example/unauthorized
|
||||||
|
|
||||||
Removing signer "alice" from image example/authorized...
|
Removing signer "alice" from image example/authorized...
|
||||||
Enter passphrase for repository key with ID c6772a0:
|
Enter passphrase for repository key with ID c6772a0:
|
||||||
Successfully removed alice from example/authorized
|
Successfully removed alice from example/authorized
|
||||||
|
|
||||||
Error removing signer from: example/unauthorized
|
Error removing signer from: example/unauthorized
|
||||||
|
|
Loading…
Reference in New Issue