mirror of https://github.com/docker/cli.git
Merge pull request #2391 from thaJeztah/19.03_backport_fix_yamldocs
[19.03 backport] Fix yamldocs generator to accomodate nested subcommands
This commit is contained in:
commit
c35400655d
|
@ -49,7 +49,7 @@ Options:
|
|||
--no-cache Do not use cache when building the image
|
||||
-o, --output Output destination (format: type=local,dest=path)
|
||||
--pull Always attempt to pull a newer version of the image
|
||||
--progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty).
|
||||
--progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty).
|
||||
Use plain to show container output
|
||||
-q, --quiet Suppress the build output and print image ID on success
|
||||
--rm Remove intermediate containers after a successful build (default true)
|
||||
|
@ -431,7 +431,7 @@ $ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PRO
|
|||
This flag allows you to pass the build-time variables that are
|
||||
accessed like regular environment variables in the `RUN` instruction of the
|
||||
Dockerfile. Also, these values don't persist in the intermediate or final images
|
||||
like `ENV` values do. You must add `--build-arg` for each build argument.
|
||||
like `ENV` values do. You must add `--build-arg` for each build argument.
|
||||
|
||||
Using this flag will not alter the output you see when the `ARG` lines from the
|
||||
Dockerfile are echoed during the build process.
|
||||
|
@ -533,7 +533,7 @@ path):
|
|||
$ docker build --output type=local,dest=out .
|
||||
```
|
||||
|
||||
Use the `tar` type to export the files as a `.tar` archive:
|
||||
Use the `tar` type to export the files as a `.tar` archive:
|
||||
|
||||
```bash
|
||||
$ docker build --output type=tar,dest=out.tar .
|
||||
|
|
|
@ -821,7 +821,7 @@ C:\> dockerd --storage-opt size=40G
|
|||
|
||||
##### `lcow.globalmode`
|
||||
|
||||
Specifies whether the daemon instantiates utility VM instances as required
|
||||
Specifies whether the daemon instantiates utility VM instances as required
|
||||
(recommended and default if omitted), or uses single global utility VM (better
|
||||
performance, but has security implications and not recommended for production
|
||||
deployments).
|
||||
|
@ -1071,7 +1071,7 @@ system's list of trusted CAs instead of enabling `--insecure-registry`.
|
|||
|
||||
#### Legacy Registries
|
||||
|
||||
Starting with Docker 17.12, operations against registries supporting only the
|
||||
Starting with Docker 17.12, operations against registries supporting only the
|
||||
legacy v1 protocol are no longer supported. Specifically, the daemon will not
|
||||
attempt `push`, `pull` and `login` to v1 registries. The exception to this is
|
||||
`search` which can still be performed on v1 registries.
|
||||
|
@ -1446,8 +1446,8 @@ This is a full example of the allowed configuration options on Windows:
|
|||
```
|
||||
|
||||
#### Feature options
|
||||
The optional field `features` in `daemon.json` allows users to enable or disable specific
|
||||
daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the
|
||||
The optional field `features` in `daemon.json` allows users to enable or disable specific
|
||||
daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the
|
||||
default docker image builder.
|
||||
|
||||
The list of currently supported feature options:
|
||||
|
|
|
@ -31,11 +31,11 @@ Options:
|
|||
## Description
|
||||
|
||||
Use `docker events` to get real-time events from the server. These events differ
|
||||
per Docker object type. Different event types have different scopes. Local
|
||||
scoped events are only seen on the node they take place on, and swarm scoped
|
||||
per Docker object type. Different event types have different scopes. Local
|
||||
scoped events are only seen on the node they take place on, and swarm scoped
|
||||
events are seen on all managers.
|
||||
|
||||
Only the last 1000 log events are returned. You can use filters to further limit
|
||||
Only the last 1000 log events are returned. You can use filters to further limit
|
||||
the number of events returned.
|
||||
|
||||
### Object types
|
||||
|
@ -165,7 +165,7 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
|
|||
seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
|
||||
fraction of a second no more than nine digits long.
|
||||
|
||||
Only the last 1000 log events are returned. You can use filters to further limit
|
||||
Only the last 1000 log events are returned. You can use filters to further limit
|
||||
the number of events returned.
|
||||
|
||||
#### Filtering
|
||||
|
@ -207,7 +207,7 @@ format. Go's [text/template](http://golang.org/pkg/text/template/) package
|
|||
describes all the details of the format.
|
||||
|
||||
If a format is set to `{{json .}}`, the events are streamed as valid JSON
|
||||
Lines. For information about JSON Lines, please refer to http://jsonlines.org/ .
|
||||
Lines. For information about JSON Lines, please refer to http://jsonlines.org/.
|
||||
|
||||
## Examples
|
||||
|
||||
|
@ -410,12 +410,12 @@ Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299
|
|||
|
||||
#### Format as JSON
|
||||
|
||||
```none
|
||||
$ docker events --format '{{json .}}'
|
||||
```bash
|
||||
$ docker events --format '{{json .}}'
|
||||
|
||||
{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
|
||||
{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
|
||||
{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
|
||||
{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
|
||||
{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
|
||||
```
|
||||
|
|
|
@ -29,7 +29,7 @@ Options:
|
|||
--privileged Give extended privileges to the command
|
||||
-t, --tty Allocate a pseudo-TTY
|
||||
-u, --user Username or UID (format: <name|uid>[:<group|gid>])
|
||||
-w, --workdir Working directory inside the container
|
||||
-w, --workdir Working directory inside the container
|
||||
```
|
||||
|
||||
## Description
|
||||
|
@ -83,8 +83,8 @@ Next, set an environment variable in the current bash session.
|
|||
$ docker exec -it -e VAR=1 ubuntu_bash bash
|
||||
```
|
||||
|
||||
This will create a new Bash session in the container `ubuntu_bash` with environment
|
||||
variable `$VAR` set to "1". Note that this environment variable will only be valid
|
||||
This will create a new Bash session in the container `ubuntu_bash` with environment
|
||||
variable `$VAR` set to "1". Note that this environment variable will only be valid
|
||||
on the current Bash session.
|
||||
|
||||
By default `docker exec` command runs in the same working directory set when container was created.
|
||||
|
|
|
@ -106,7 +106,7 @@ Server:
|
|||
myinsecurehost:5000
|
||||
127.0.0.0/8
|
||||
```
|
||||
|
||||
|
||||
### Show debugging output
|
||||
|
||||
Here is a sample output for a daemon running on Ubuntu, using the overlay2
|
||||
|
|
|
@ -32,6 +32,8 @@ Options:
|
|||
|
||||
Login to a registry.
|
||||
|
||||
## Examples
|
||||
|
||||
### Login to a self-hosted registry
|
||||
|
||||
If you want to login to a self-hosted registry you can specify this by
|
||||
|
@ -94,7 +96,7 @@ For example, to use `docker-credential-osxkeychain`:
|
|||
|
||||
```json
|
||||
{
|
||||
"credsStore": "osxkeychain"
|
||||
"credsStore": "osxkeychain"
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -124,9 +126,9 @@ or an identity token.
|
|||
|
||||
```json
|
||||
{
|
||||
"ServerURL": "https://index.docker.io/v1",
|
||||
"Username": "david",
|
||||
"Secret": "passw0rd1"
|
||||
"ServerURL": "https://index.docker.io/v1",
|
||||
"Username": "david",
|
||||
"Secret": "passw0rd1"
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -145,8 +147,8 @@ and password from this payload:
|
|||
|
||||
```json
|
||||
{
|
||||
"Username": "david",
|
||||
"Secret": "passw0rd1"
|
||||
"Username": "david",
|
||||
"Secret": "passw0rd1"
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -43,8 +43,8 @@ more (ideally more than one) image names. It can then be used in the same way as
|
|||
an image name in `docker pull` and `docker run` commands, for example.
|
||||
|
||||
Ideally a manifest list is created from images that are identical in function for
|
||||
different os/arch combinations. For this reason, manifest lists are often referred to as
|
||||
"multi-arch images". However, a user could create a manifest list that points
|
||||
different os/arch combinations. For this reason, manifest lists are often referred
|
||||
to as "multi-arch images". However, a user could create a manifest list that points
|
||||
to two images -- one for windows on amd64, and one for darwin on amd64.
|
||||
|
||||
### manifest inspect
|
||||
|
@ -62,7 +62,7 @@ Options:
|
|||
-v, --verbose Output additional info including layers and platform
|
||||
```
|
||||
|
||||
### manifest create
|
||||
### manifest create
|
||||
|
||||
```bash
|
||||
Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]
|
||||
|
@ -76,6 +76,7 @@ Options:
|
|||
```
|
||||
|
||||
### manifest annotate
|
||||
|
||||
```bash
|
||||
Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
|
||||
|
||||
|
@ -91,6 +92,7 @@ Options:
|
|||
```
|
||||
|
||||
### manifest push
|
||||
|
||||
```bash
|
||||
Usage: docker manifest push [OPTIONS] MANIFEST_LIST
|
||||
|
||||
|
@ -104,12 +106,21 @@ Options:
|
|||
|
||||
### Working with insecure registries
|
||||
|
||||
The manifest command interacts solely with a Docker registry. Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some `docker manifest` commands have an `--insecure` flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a `manifest push` to an insecure registry, the `--insecure` flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements.
|
||||
The manifest command interacts solely with a Docker registry. Because of this,
|
||||
it has no way to query the engine for the list of allowed insecure registries.
|
||||
To allow the CLI to interact with an insecure registry, some `docker manifest`
|
||||
commands have an `--insecure` flag. For each transaction, such as a `create`,
|
||||
which queries a registry, the `--insecure` flag must be specified. This flag
|
||||
tells the CLI that this registry call may ignore security concerns like missing
|
||||
or self-signed certificates. Likewise, on a `manifest push` to an insecure
|
||||
registry, the `--insecure` flag must be specified. If this is not used with an
|
||||
insecure registry, the manifest command fails to find a registry that meets the
|
||||
default requirements.
|
||||
|
||||
## Examples
|
||||
|
||||
### Inspect an image's manifest object
|
||||
|
||||
|
||||
```bash
|
||||
$ docker manifest inspect hello-world
|
||||
{
|
||||
|
@ -136,7 +147,7 @@ The `docker manifest inspect` command takes an optional `--verbose` flag
|
|||
that gives you the image's name (Ref), and architecture and os (Platform).
|
||||
|
||||
Just as with other docker commands that take image names, you can refer to an image with or
|
||||
without a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f).
|
||||
without a tag, or by digest (e.g. `hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f`).
|
||||
|
||||
Here is an example of inspecting an image's manifest with the `--verbose` flag:
|
||||
|
||||
|
@ -170,17 +181,19 @@ $ docker manifest inspect --verbose hello-world
|
|||
|
||||
### Create and push a manifest list
|
||||
|
||||
To create a manifest list, you first `create` the manifest list locally by specifying the constituent images you would
|
||||
like to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push
|
||||
to a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port.
|
||||
To create a manifest list, you first `create` the manifest list locally by
|
||||
specifying the constituent images you would like to have included in your
|
||||
manifest list. Keep in mind that this is pushed to a registry, so if you want to
|
||||
push to a registry other than the docker registry, you need to create your
|
||||
manifest list with the registry name or IP and port.
|
||||
This is similar to tagging an image and pushing it to a foreign registry.
|
||||
|
||||
After you have created your local copy of the manifest list, you may optionally
|
||||
`annotate` it. Annotations allowed are the architecture and operating system (overriding the image's current values),
|
||||
os features, and an architecture variant.
|
||||
`annotate` it. Annotations allowed are the architecture and operating system
|
||||
(overriding the image's current values), os features, and an architecture variant.
|
||||
|
||||
Finally, you need to `push` your manifest list to the desired registry. Below are descriptions of these three commands,
|
||||
and an example putting them all together.
|
||||
Finally, you need to `push` your manifest list to the desired registry. Below are
|
||||
descriptions of these three commands, and an example putting them all together.
|
||||
|
||||
```bash
|
||||
$ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
||||
|
@ -188,6 +201,7 @@ $ docker manifest create 45.55.81.106:5000/coolapp:v1 \
|
|||
45.55.81.106:5000/coolapp-arm-linux:v1 \
|
||||
45.55.81.106:5000/coolapp-amd64-linux:v1 \
|
||||
45.55.81.106:5000/coolapp-amd64-windows:v1
|
||||
|
||||
Created manifest list 45.55.81.106:5000/coolapp:v1
|
||||
```
|
||||
|
||||
|
@ -255,9 +269,10 @@ $ docker manifest inspect coolapp:v1
|
|||
|
||||
### Push to an insecure registry
|
||||
|
||||
Here is an example of creating and pushing a manifest list using a known insecure registry.
|
||||
Here is an example of creating and pushing a manifest list using a known
|
||||
insecure registry.
|
||||
|
||||
```
|
||||
```bash
|
||||
$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \
|
||||
myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \
|
||||
myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \
|
||||
|
@ -265,10 +280,13 @@ $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1
|
|||
myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \
|
||||
myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \
|
||||
myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0
|
||||
```
|
||||
```
|
||||
|
||||
$ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag
|
||||
```
|
||||
|
||||
Note that the `--insecure` flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the `--insecure` flag if you are performing a `docker manifest inspect` on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a `docker pull`.
|
||||
> **Note**: the `--insecure` flag is not required to annotate a manifest list,
|
||||
> since annotations are to a locally-stored copy of a manifest list. You may also
|
||||
> skip the `--insecure` flag if you are performing a `docker manifest inspect`
|
||||
> on a locally-stored manifest list. Be sure to keep in mind that locally-stored
|
||||
> manifest lists are never used by the engine on a `docker pull`.
|
||||
|
||||
|
|
|
@ -192,7 +192,7 @@ The following filter matches all user defined networks:
|
|||
```bash
|
||||
$ docker network ls --filter type=custom
|
||||
NETWORK ID NAME DRIVER SCOPE
|
||||
95e74588f40d foo bridge local
|
||||
95e74588f40d foo bridge local
|
||||
63d1ff1f77b0 dev bridge local
|
||||
```
|
||||
|
||||
|
|
|
@ -42,87 +42,94 @@ details of the format.
|
|||
|
||||
### Inspect a node
|
||||
|
||||
```none
|
||||
```bash
|
||||
$ docker node inspect swarm-manager
|
||||
```
|
||||
|
||||
```json
|
||||
[
|
||||
{
|
||||
{
|
||||
"ID": "e216jshn25ckzbvmwlnh5jr3g",
|
||||
"Version": {
|
||||
"Index": 10
|
||||
"Index": 10
|
||||
},
|
||||
"CreatedAt": "2017-05-16T22:52:44.9910662Z",
|
||||
"UpdatedAt": "2017-05-16T22:52:45.230878043Z",
|
||||
"Spec": {
|
||||
"Role": "manager",
|
||||
"Availability": "active"
|
||||
"Role": "manager",
|
||||
"Availability": "active"
|
||||
},
|
||||
"Description": {
|
||||
"Hostname": "swarm-manager",
|
||||
"Platform": {
|
||||
"Architecture": "x86_64",
|
||||
"OS": "linux"
|
||||
},
|
||||
"Resources": {
|
||||
"NanoCPUs": 1000000000,
|
||||
"MemoryBytes": 1039843328
|
||||
},
|
||||
"Engine": {
|
||||
"EngineVersion": "17.06.0-ce",
|
||||
"Plugins": [
|
||||
{
|
||||
"Type": "Volume",
|
||||
"Name": "local"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "overlay"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "null"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "host"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "bridge"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "overlay"
|
||||
}
|
||||
]
|
||||
},
|
||||
"TLSInfo": {
|
||||
"TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n",
|
||||
"CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh",
|
||||
"CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ=="
|
||||
}
|
||||
"Hostname": "swarm-manager",
|
||||
"Platform": {
|
||||
"Architecture": "x86_64",
|
||||
"OS": "linux"
|
||||
},
|
||||
"Resources": {
|
||||
"NanoCPUs": 1000000000,
|
||||
"MemoryBytes": 1039843328
|
||||
},
|
||||
"Engine": {
|
||||
"EngineVersion": "17.06.0-ce",
|
||||
"Plugins": [
|
||||
{
|
||||
"Type": "Volume",
|
||||
"Name": "local"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "overlay"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "null"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "host"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "bridge"
|
||||
},
|
||||
{
|
||||
"Type": "Network",
|
||||
"Name": "overlay"
|
||||
}
|
||||
]
|
||||
},
|
||||
"TLSInfo": {
|
||||
"TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n",
|
||||
"CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh",
|
||||
"CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ=="
|
||||
}
|
||||
},
|
||||
"Status": {
|
||||
"State": "ready",
|
||||
"Addr": "168.0.32.137"
|
||||
"State": "ready",
|
||||
"Addr": "168.0.32.137"
|
||||
},
|
||||
"ManagerStatus": {
|
||||
"Leader": true,
|
||||
"Reachability": "reachable",
|
||||
"Addr": "168.0.32.137:2377"
|
||||
"Leader": true,
|
||||
"Reachability": "reachable",
|
||||
"Addr": "168.0.32.137:2377"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
### Specify an output format
|
||||
|
||||
```none
|
||||
```bash
|
||||
$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
|
||||
|
||||
false
|
||||
```
|
||||
|
||||
Use `--format=pretty` or the `--pretty` shorthand to pretty-print the output:
|
||||
|
||||
```bash
|
||||
$ docker node inspect --format=pretty self
|
||||
|
||||
$ docker node inspect --pretty self
|
||||
ID: e216jshn25ckzbvmwlnh5jr3g
|
||||
Hostname: swarm-manager
|
||||
Joined at: 2017-05-16 22:52:44.9910662 +0000 utc
|
||||
|
@ -157,8 +164,8 @@ PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3
|
|||
zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==
|
||||
Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh
|
||||
Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==
|
||||
Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh
|
||||
```
|
||||
|
||||
## Related commands
|
||||
|
|
|
@ -162,7 +162,7 @@ The following example uses a template without headers and outputs the
|
|||
```bash
|
||||
$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}"
|
||||
e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready
|
||||
35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation
|
||||
35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation
|
||||
```
|
||||
|
||||
|
||||
|
|
|
@ -87,7 +87,7 @@ e90b8831a4b8 nginx "/bin/bash -c 'mkdir " 11 weeks ago Up 4 hours
|
|||
```
|
||||
* The "size" information shows the amount of data (on disk) that is used for the _writable_ layer of each container
|
||||
* The "virtual size" is the total amount of disk-space used for the read-only _image_ data used by the container and the writable layer.
|
||||
|
||||
|
||||
For more information, refer to the [container size on disk](https://docs.docker.com/storage/storagedriver/#container-size-on-disk) section.
|
||||
|
||||
|
||||
|
|
|
@ -36,9 +36,9 @@ image and tag names.
|
|||
Killing the `docker push` process, for example by pressing `CTRL-c` while it is
|
||||
running in a terminal, terminates the push operation.
|
||||
|
||||
Progress bars are shown during docker push, which show the uncompressed size. The
|
||||
actual amount of data that's pushed will be compressed before sending, so the uploaded
|
||||
size will not be reflected by the progress bar.
|
||||
Progress bars are shown during docker push, which show the uncompressed size.
|
||||
The actual amount of data that's pushed will be compressed before sending, so
|
||||
the uploaded size will not be reflected by the progress bar.
|
||||
|
||||
Registry credentials are managed by [docker login](login.md).
|
||||
|
||||
|
|
|
@ -50,7 +50,7 @@ This example displays images with a name containing 'busybox':
|
|||
$ docker search busybox
|
||||
|
||||
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
||||
busybox Busybox base image. 316 [OK]
|
||||
busybox Busybox base image. 316 [OK]
|
||||
progrium/busybox 50 [OK]
|
||||
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
|
||||
odise/busybox-python 2 [OK]
|
||||
|
@ -85,7 +85,7 @@ at least 3 stars and the description isn't truncated in the output:
|
|||
```bash
|
||||
$ docker search --filter=stars=3 --no-trunc busybox
|
||||
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
||||
busybox Busybox base image. 325 [OK]
|
||||
busybox Busybox base image. 325 [OK]
|
||||
progrium/busybox 50 [OK]
|
||||
radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK]
|
||||
```
|
||||
|
@ -115,7 +115,7 @@ least 3 stars:
|
|||
$ docker search --filter stars=3 busybox
|
||||
|
||||
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
|
||||
busybox Busybox base image. 325 [OK]
|
||||
busybox Busybox base image. 325 [OK]
|
||||
progrium/busybox 50 [OK]
|
||||
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
|
||||
```
|
||||
|
@ -193,10 +193,10 @@ $ docker search --format "table {{.Name}}\t{{.IsAutomated}}\t{{.IsOfficial}}" ng
|
|||
|
||||
NAME AUTOMATED OFFICIAL
|
||||
nginx [OK]
|
||||
jwilder/nginx-proxy [OK]
|
||||
richarvey/nginx-php-fpm [OK]
|
||||
jrcs/letsencrypt-nginx-proxy-companion [OK]
|
||||
million12/nginx-php [OK]
|
||||
webdevops/php-nginx [OK]
|
||||
jwilder/nginx-proxy [OK]
|
||||
richarvey/nginx-php-fpm [OK]
|
||||
jrcs/letsencrypt-nginx-proxy-companion [OK]
|
||||
million12/nginx-php [OK]
|
||||
webdevops/php-nginx [OK]
|
||||
{% endraw %}
|
||||
```
|
||||
|
|
|
@ -724,7 +724,7 @@ After adding the `region=east` label to a node in the cluster, the service
|
|||
reconciles, and the desired number of replicas are deployed:
|
||||
|
||||
```bash
|
||||
$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l
|
||||
$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l
|
||||
yswe2dm4c5fdgtsrli1e8ya5l
|
||||
|
||||
$ docker service ls
|
||||
|
@ -925,7 +925,7 @@ The swarm extends my-network to each node running the service.
|
|||
Containers on the same network can access each other using
|
||||
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
|
||||
|
||||
Long form syntax of `--network` allows to specify list of aliases and driver options:
|
||||
Long form syntax of `--network` allows to specify list of aliases and driver options:
|
||||
`--network name=my-network,alias=web1,driver-opt=field1=value1`
|
||||
|
||||
### Publish service ports externally to the swarm (-p, --publish)
|
||||
|
|
|
@ -123,21 +123,21 @@ JSON output, by using the `--pretty` option:
|
|||
```bash
|
||||
$ docker service inspect --pretty frontend
|
||||
|
||||
ID: c8wgl7q4ndfd52ni6qftkvnnp
|
||||
Name: frontend
|
||||
ID: c8wgl7q4ndfd52ni6qftkvnnp
|
||||
Name: frontend
|
||||
Labels:
|
||||
- org.example.projectname=demo-app
|
||||
Service Mode: REPLICATED
|
||||
Replicas: 5
|
||||
Service Mode: REPLICATED
|
||||
Replicas: 5
|
||||
Placement:
|
||||
UpdateConfig:
|
||||
Parallelism: 0
|
||||
On failure: pause
|
||||
Max failure ratio: 0
|
||||
Parallelism: 0
|
||||
On failure: pause
|
||||
Max failure ratio: 0
|
||||
ContainerSpec:
|
||||
Image: nginx:alpine
|
||||
Image: nginx:alpine
|
||||
Resources:
|
||||
Networks: net1
|
||||
Networks: net1
|
||||
Endpoint Mode: vip
|
||||
Ports:
|
||||
PublishedPort = 4443
|
||||
|
|
|
@ -149,12 +149,12 @@ the port is configured:
|
|||
|
||||
```bash
|
||||
docker info
|
||||
...
|
||||
ClusterID: 9vs5ygs0gguyyec4iqf2314c0
|
||||
Managers: 1
|
||||
Nodes: 1
|
||||
Data Path Port: 7777
|
||||
...
|
||||
...
|
||||
ClusterID: 9vs5ygs0gguyyec4iqf2314c0
|
||||
Managers: 1
|
||||
Nodes: 1
|
||||
Data Path Port: 7777
|
||||
...
|
||||
```
|
||||
|
||||
### `--default-addr-pool`
|
||||
|
|
|
@ -378,8 +378,8 @@ SIGNED TAG DIGEST
|
|||
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
|
||||
|
||||
Administrative keys for alpine:latest:
|
||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||
```
|
||||
|
||||
The `SIGNED TAG` is the signed image tag with a unique content-addressable
|
||||
|
@ -406,8 +406,8 @@ bob 034370bcbd77, 82a66673242c
|
|||
carol b6f9f8e1aab0
|
||||
|
||||
Administrative keys for my-image:
|
||||
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
||||
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
||||
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
||||
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
||||
```
|
||||
|
||||
However, if other tags are signed in the same image repository,
|
||||
|
@ -420,8 +420,8 @@ No signatures for alpine:unsigned
|
|||
|
||||
|
||||
Administrative keys for alpine:unsigned:
|
||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||
```
|
||||
|
||||
### Get details about signatures for all image tags in a repository
|
||||
|
@ -441,8 +441,8 @@ edge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1
|
|||
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
|
||||
|
||||
Administrative keys for alpine:
|
||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
|
||||
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
|
||||
```
|
||||
|
||||
Here's an example with signers that are set up by `docker trust` commands:
|
||||
|
@ -465,6 +465,6 @@ bob 034370bcbd77, 82a66673242c
|
|||
carol b6f9f8e1aab0
|
||||
|
||||
Administrative keys for my-image:
|
||||
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
||||
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
||||
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
|
||||
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
|
||||
```
|
||||
|
|
|
@ -43,7 +43,6 @@ Repeat passphrase for new alice key with ID 17acf3c:
|
|||
Successfully generated and loaded private key. Corresponding public key available: alice.pub
|
||||
$ ls
|
||||
alice.pub
|
||||
|
||||
```
|
||||
|
||||
The private signing key is encrypted by the passphrase and loaded into the docker trust keystore.
|
||||
|
@ -63,5 +62,4 @@ Repeat passphrase for new alice key with ID 17acf3c:
|
|||
Successfully generated and loaded private key. Corresponding public key available: alice.pub
|
||||
$ ls /foo
|
||||
alice.pub
|
||||
|
||||
```
|
||||
|
|
|
@ -27,7 +27,9 @@ Options:
|
|||
|
||||
## Description
|
||||
|
||||
`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`.
|
||||
`docker trust key load` adds private keys to the local docker trust keystore.
|
||||
|
||||
To add a signer to a repository use `docker trust signer add`.
|
||||
|
||||
## Examples
|
||||
|
||||
|
@ -39,19 +41,18 @@ For a private key `alice.pem` with permissions `-rw-------`
|
|||
$ docker trust key load alice.pem
|
||||
|
||||
Loading key from "alice.pem"...
|
||||
Enter passphrase for new signer key with ID f8097df:
|
||||
Repeat passphrase for new signer key with ID f8097df:
|
||||
Enter passphrase for new signer key with ID f8097df:
|
||||
Repeat passphrase for new signer key with ID f8097df:
|
||||
Successfully imported key from alice.pem
|
||||
|
||||
```
|
||||
to specify a name use the `--name` flag
|
||||
|
||||
To specify a name use the `--name` flag:
|
||||
|
||||
```bash
|
||||
$ docker trust key load --name alice-key alice.pem
|
||||
|
||||
Loading key from "alice.pem"...
|
||||
Enter passphrase for new alice-key key with ID f8097df:
|
||||
Repeat passphrase for new alice-key key with ID f8097df:
|
||||
Enter passphrase for new alice-key key with ID f8097df:
|
||||
Repeat passphrase for new alice-key key with ID f8097df:
|
||||
Successfully imported key from alice.pem
|
||||
|
||||
```
|
||||
|
|
|
@ -49,8 +49,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
When `alice`, one of the signers, runs `docker trust revoke`:
|
||||
|
@ -75,8 +75,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
### Revoke signatures on all tags in a repository
|
||||
|
@ -96,8 +96,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
When `alice`, one of the signers, runs `docker trust revoke`:
|
||||
|
@ -124,7 +124,7 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
|
|
|
@ -42,8 +42,8 @@ SIGNED TAG DIGEST
|
|||
v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin)
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
||||
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
||||
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
||||
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
||||
```
|
||||
|
||||
Sign a new tag with `docker trust sign`:
|
||||
|
@ -65,7 +65,7 @@ Enter passphrase for repository key with ID 36d4c36:
|
|||
Successfully signed docker.io/example/trust-demo:v2
|
||||
```
|
||||
|
||||
`docker trust view` lists the new signature:
|
||||
Use `docker trust view` to list the new signature:
|
||||
|
||||
```bash
|
||||
$ docker trust view example/trust-demo
|
||||
|
@ -74,8 +74,8 @@ v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c8357
|
|||
v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin)
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
||||
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
||||
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
|
||||
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
|
||||
```
|
||||
|
||||
### Sign a tag as a signer
|
||||
|
@ -95,8 +95,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
Sign a new tag with `docker trust sign`:
|
||||
|
@ -130,8 +130,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
## Initialize a new repo and sign a tag
|
||||
|
@ -178,7 +178,6 @@ SIGNER KEYS
|
|||
alice 6d52b29d940f
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
||||
Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
||||
Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
||||
Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
||||
```
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ Options:
|
|||
|
||||
### Add a signer to a repo
|
||||
|
||||
To add a new signer, `alice`, to this repository:
|
||||
To add a new signer, `alice`, to this repository:
|
||||
|
||||
```bash
|
||||
$ docker trust view example/trust-demo
|
||||
|
@ -47,8 +47,8 @@ SIGNER KEYS
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
Add `alice` with `docker trust signer add`:
|
||||
|
@ -56,8 +56,8 @@ Add `alice` with `docker trust signer add`:
|
|||
```bash
|
||||
$ docker trust signer add alice example/trust-demo --key alice.crt
|
||||
Adding signer "alice" to example/trust-demo...
|
||||
Enter passphrase for repository key with ID 642692c:
|
||||
Successfully added signer: alice to example/trust-demo
|
||||
Enter passphrase for repository key with ID 642692c:
|
||||
Successfully added signer: alice to example/trust-demo
|
||||
```
|
||||
|
||||
`docker trust view` now lists `alice` as a valid signer:
|
||||
|
@ -75,8 +75,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
## Initialize a new repo and add a signer
|
||||
|
@ -91,12 +91,12 @@ No signatures or cannot access example/trust-demo
|
|||
```bash
|
||||
$ docker trust signer add alice example/trust-demo --key alice.crt
|
||||
Initializing signed repository for example/trust-demo...
|
||||
Enter passphrase for root key with ID 748121c:
|
||||
Enter passphrase for new repository key with ID 95b9e55:
|
||||
Repeat passphrase for new repository key with ID 95b9e55:
|
||||
Successfully initialized "example/trust-demo"
|
||||
|
||||
Adding signer "alice" to example/trust-demo...
|
||||
Enter passphrase for root key with ID 748121c:
|
||||
Enter passphrase for new repository key with ID 95b9e55:
|
||||
Repeat passphrase for new repository key with ID 95b9e55:
|
||||
Successfully initialized "example/trust-demo"
|
||||
|
||||
Adding signer "alice" to example/trust-demo...
|
||||
Successfully added signer: alice to example/trust-demo
|
||||
```
|
||||
|
||||
|
@ -114,13 +114,12 @@ SIGNER KEYS
|
|||
alice 6d52b29d940f
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
||||
Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
||||
Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
||||
Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
||||
```
|
||||
|
||||
## Add a signer to multiple repos
|
||||
To add a signer, `alice`, to multiple repositories:
|
||||
|
||||
To add a signer, `alice`, to multiple repositories:
|
||||
```bash
|
||||
$ docker trust view example/trust-demo
|
||||
SIGNED TAG DIGEST SIGNERS
|
||||
|
@ -132,8 +131,8 @@ SIGNER KEYS
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
```bash
|
||||
$ docker trust view example/trust-demo2
|
||||
|
@ -146,19 +145,19 @@ SIGNER KEYS
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo2:
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
Add `alice` to both repositories with a single `docker trust signer add` command:
|
||||
|
||||
```bash
|
||||
$ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt
|
||||
Adding signer "alice" to example/trust-demo...
|
||||
Enter passphrase for repository key with ID 95b9e55:
|
||||
Enter passphrase for repository key with ID 95b9e55:
|
||||
Successfully added signer: alice to example/trust-demo
|
||||
|
||||
Adding signer "alice" to example/trust-demo2...
|
||||
Enter passphrase for repository key with ID ece554f:
|
||||
Enter passphrase for repository key with ID ece554f:
|
||||
Successfully added signer: alice to example/trust-demo2
|
||||
```
|
||||
`docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`:
|
||||
|
@ -176,8 +175,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
```bash
|
||||
$ docker trust view example/trust-demo2
|
||||
|
@ -191,8 +190,8 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo2:
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
|
||||
|
@ -204,7 +203,7 @@ Adding signer "alice" to example/unauthorized...
|
|||
you are not authorized to perform this operation: server returned 401.
|
||||
|
||||
Adding signer "alice" to example/authorized...
|
||||
Enter passphrase for repository key with ID c6772a0:
|
||||
Enter passphrase for repository key with ID c6772a0:
|
||||
Successfully added signer: alice to example/authorized
|
||||
|
||||
Failed to add signer to: example/unauthorized
|
||||
|
|
|
@ -33,8 +33,7 @@ Options:
|
|||
|
||||
### Remove a signer from a repo
|
||||
|
||||
To remove an existing signer, `alice`, from this repository:
|
||||
|
||||
To remove an existing signer, `alice`, from this repository:
|
||||
```bash
|
||||
$ docker trust view example/trust-demo
|
||||
|
||||
|
@ -48,18 +47,18 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
Remove `alice` with `docker trust signer remove`:
|
||||
|
||||
```bash
|
||||
$ docker trust signer remove alice example/trust-demo
|
||||
Removing signer "alice" from image example/trust-demo...
|
||||
Enter passphrase for repository key with ID 642692c:
|
||||
Successfully removed alice from example/trust-demo
|
||||
|
||||
Removing signer "alice" from image example/trust-demo...
|
||||
Enter passphrase for repository key with ID 642692c:
|
||||
Successfully removed alice from example/trust-demo
|
||||
```
|
||||
|
||||
`docker trust view` now does not list `alice` as a valid signer:
|
||||
|
@ -76,13 +75,13 @@ SIGNER KEYS
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
### Remove a signer from multiple repos
|
||||
|
||||
To remove an existing signer, `alice`, from multiple repositories:
|
||||
To remove an existing signer, `alice`, from multiple repositories:
|
||||
|
||||
```bash
|
||||
$ docker trust view example/trust-demo
|
||||
|
@ -96,9 +95,10 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
```bash
|
||||
$ docker trust view example/trust-demo2
|
||||
SIGNED TAG DIGEST SIGNERS
|
||||
|
@ -111,22 +111,27 @@ alice 05e87edcaecb
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo2:
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
Remove `alice` from both images with a single `docker trust signer remove` command:
|
||||
|
||||
```bash
|
||||
$ docker trust signer remove alice example/trust-demo example/trust-demo2
|
||||
|
||||
Removing signer "alice" from image example/trust-demo...
|
||||
Enter passphrase for repository key with ID 95b9e55:
|
||||
Enter passphrase for repository key with ID 95b9e55:
|
||||
Successfully removed alice from example/trust-demo
|
||||
|
||||
Removing signer "alice" from image example/trust-demo2...
|
||||
Enter passphrase for repository key with ID ece554f:
|
||||
Enter passphrase for repository key with ID ece554f:
|
||||
Successfully removed alice from example/trust-demo2
|
||||
```
|
||||
`docker trust view` no longer lists `alice` as a valid signer of either `example/trust-demo` or `example/trust-demo2`:
|
||||
|
||||
Run `docker trust view` to confirm that `alice` is no longer listed as a valid
|
||||
signer of either `example/trust-demo` or `example/trust-demo2`:
|
||||
|
||||
```bash
|
||||
$ docker trust view example/trust-demo
|
||||
SIGNED TAG DIGEST SIGNERS
|
||||
|
@ -138,9 +143,10 @@ SIGNER KEYS
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo:
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
```bash
|
||||
$ docker trust view example/trust-demo2
|
||||
SIGNED TAG DIGEST SIGNERS
|
||||
|
@ -152,19 +158,22 @@ SIGNER KEYS
|
|||
bob 5600f5ab76a2
|
||||
|
||||
Administrative keys for example/trust-demo2:
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
||||
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
||||
```
|
||||
|
||||
`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:
|
||||
`docker trust signer remove` removes signers to repositories on a best effort
|
||||
basis, so it will continue to remove the signer from subsequent repositories if
|
||||
one attempt fails:
|
||||
|
||||
```bash
|
||||
$ docker trust signer remove alice example/unauthorized example/authorized
|
||||
|
||||
Removing signer "alice" from image example/unauthorized...
|
||||
No signer alice for image example/unauthorized
|
||||
|
||||
Removing signer "alice" from image example/authorized...
|
||||
Enter passphrase for repository key with ID c6772a0:
|
||||
Enter passphrase for repository key with ID c6772a0:
|
||||
Successfully removed alice from example/authorized
|
||||
|
||||
Error removing signer from: example/unauthorized
|
||||
|
|
|
@ -25,6 +25,7 @@ func generateCliYaml(opts *options) error {
|
|||
commands.AddCommands(cmd, dockerCli)
|
||||
disableFlagsInUseLine(cmd)
|
||||
source := filepath.Join(opts.source, descriptionSourcePath)
|
||||
fmt.Println("Markdown source:", source)
|
||||
if err := loadLongDescription(cmd, source); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -50,23 +51,29 @@ func visitAll(root *cobra.Command, fn func(*cobra.Command)) {
|
|||
fn(root)
|
||||
}
|
||||
|
||||
func loadLongDescription(cmd *cobra.Command, path ...string) error {
|
||||
for _, cmd := range cmd.Commands() {
|
||||
if cmd.Name() == "" {
|
||||
continue
|
||||
}
|
||||
fullpath := filepath.Join(path[0], strings.Join(append(path[1:], cmd.Name()), "_")+".md")
|
||||
|
||||
func loadLongDescription(parentCmd *cobra.Command, path string) error {
|
||||
for _, cmd := range parentCmd.Commands() {
|
||||
if cmd.HasSubCommands() {
|
||||
loadLongDescription(cmd, path[0], cmd.Name())
|
||||
if err := loadLongDescription(cmd, path); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if _, err := os.Stat(fullpath); err != nil {
|
||||
log.Printf("WARN: %s does not exist, skipping\n", fullpath)
|
||||
name := cmd.CommandPath()
|
||||
log.Println("INFO: Generating docs for", name)
|
||||
if i := strings.Index(name, " "); i >= 0 {
|
||||
// remove root command / binary name
|
||||
name = name[i+1:]
|
||||
}
|
||||
if name == "" {
|
||||
continue
|
||||
}
|
||||
mdFile := strings.ReplaceAll(name, " ", "_") + ".md"
|
||||
fullPath := filepath.Join(path, mdFile)
|
||||
content, err := ioutil.ReadFile(fullPath)
|
||||
if os.IsNotExist(err) {
|
||||
log.Printf("WARN: %s does not exist, skipping\n", mdFile)
|
||||
continue
|
||||
}
|
||||
|
||||
content, err := ioutil.ReadFile(fullpath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -95,11 +102,11 @@ func parseArgs() (*options, error) {
|
|||
func main() {
|
||||
opts, err := parseArgs()
|
||||
if err != nil {
|
||||
fmt.Fprintln(os.Stderr, err.Error())
|
||||
log.Println(err)
|
||||
}
|
||||
fmt.Printf("Project root: %s\n", opts.source)
|
||||
fmt.Printf("Generating yaml files into %s\n", opts.target)
|
||||
fmt.Println("Project root: ", opts.source)
|
||||
fmt.Println("YAML output dir:", opts.target)
|
||||
if err := generateCliYaml(opts); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "Failed to generate yaml files: %s\n", err.Error())
|
||||
log.Println("Failed to generate yaml files:", err)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue