From d484456c291a37287ae1ffac9ef53c726852cf66 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 15 Mar 2020 12:58:58 +0100 Subject: [PATCH 1/3] Fix naming of reference docs files These files were intended to document the `swarm join-token` and `swarm unlock-key` subcommands, but were incorrectly using an underscore instead of a hyphen (`-`). As a result, the examples were not picked up by the yamldocs generator. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5115bfa041bc686bc0aa3fe0c1c8f67e417b2744) Signed-off-by: Sebastiaan van Stijn --- .../commandline/{swarm_join_token.md => swarm_join-token.md} | 0 .../commandline/{swarm_unlock_key.md => swarm_unlock-key.md} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename docs/reference/commandline/{swarm_join_token.md => swarm_join-token.md} (100%) rename docs/reference/commandline/{swarm_unlock_key.md => swarm_unlock-key.md} (100%) diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join-token.md similarity index 100% rename from docs/reference/commandline/swarm_join_token.md rename to docs/reference/commandline/swarm_join-token.md diff --git a/docs/reference/commandline/swarm_unlock_key.md b/docs/reference/commandline/swarm_unlock-key.md similarity index 100% rename from docs/reference/commandline/swarm_unlock_key.md rename to docs/reference/commandline/swarm_unlock-key.md From c936ea96931abc40731b5ca7ef8ba0a9f70491fa Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 15 Mar 2020 13:13:38 +0100 Subject: [PATCH 2/3] Fix yamldocs generator to accomodate nested subcommands The script was written to only take subcommands at the first and second level into account, but failed to find the Markdown files for extended descriptions of subcommands at the third level, such as `docker trust key generate`, and `docker trust key load`: WARN: /go/src/github.com/docker/cli/docs/reference/commandline/key_generate.md does not exist, skipping WARN: /go/src/github.com/docker/cli/docs/reference/commandline/key_load.md does not exist, skipping WARN: /go/src/github.com/docker/cli/docs/reference/commandline/signer_add.md does not exist, skipping WARN: /go/src/github.com/docker/cli/docs/reference/commandline/signer_remove.md does not exist, skipping This patch updates the script to accomodate subcommands that are more deeply nested. While at it, some minor cleaning and linting issues were also addressed. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit e1b362847fc3b34e46cfa9aad7d82c73cf2a1299) Signed-off-by: Sebastiaan van Stijn --- docs/yaml/generate.go | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/docs/yaml/generate.go b/docs/yaml/generate.go index fdc5a2522f..7244f02e69 100644 --- a/docs/yaml/generate.go +++ b/docs/yaml/generate.go @@ -25,6 +25,7 @@ func generateCliYaml(opts *options) error { commands.AddCommands(cmd, dockerCli) disableFlagsInUseLine(cmd) source := filepath.Join(opts.source, descriptionSourcePath) + fmt.Println("Markdown source:", source) if err := loadLongDescription(cmd, source); err != nil { return err } @@ -50,23 +51,29 @@ func visitAll(root *cobra.Command, fn func(*cobra.Command)) { fn(root) } -func loadLongDescription(cmd *cobra.Command, path ...string) error { - for _, cmd := range cmd.Commands() { - if cmd.Name() == "" { - continue - } - fullpath := filepath.Join(path[0], strings.Join(append(path[1:], cmd.Name()), "_")+".md") - +func loadLongDescription(parentCmd *cobra.Command, path string) error { + for _, cmd := range parentCmd.Commands() { if cmd.HasSubCommands() { - loadLongDescription(cmd, path[0], cmd.Name()) + if err := loadLongDescription(cmd, path); err != nil { + return err + } } - - if _, err := os.Stat(fullpath); err != nil { - log.Printf("WARN: %s does not exist, skipping\n", fullpath) + name := cmd.CommandPath() + log.Println("INFO: Generating docs for", name) + if i := strings.Index(name, " "); i >= 0 { + // remove root command / binary name + name = name[i+1:] + } + if name == "" { + continue + } + mdFile := strings.ReplaceAll(name, " ", "_") + ".md" + fullPath := filepath.Join(path, mdFile) + content, err := ioutil.ReadFile(fullPath) + if os.IsNotExist(err) { + log.Printf("WARN: %s does not exist, skipping\n", mdFile) continue } - - content, err := ioutil.ReadFile(fullpath) if err != nil { return err } @@ -95,11 +102,11 @@ func parseArgs() (*options, error) { func main() { opts, err := parseArgs() if err != nil { - fmt.Fprintln(os.Stderr, err.Error()) + log.Println(err) } - fmt.Printf("Project root: %s\n", opts.source) - fmt.Printf("Generating yaml files into %s\n", opts.target) + fmt.Println("Project root: ", opts.source) + fmt.Println("YAML output dir:", opts.target) if err := generateCliYaml(opts); err != nil { - fmt.Fprintf(os.Stderr, "Failed to generate yaml files: %s\n", err.Error()) + log.Println("Failed to generate yaml files:", err) } } From 9fd323afdcec35e57272a4bafb882f71a2b39e0f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 15 Mar 2020 15:11:43 +0100 Subject: [PATCH 3/3] Fix whitespace that caused short-format in generated YAML If the markdown contains trailing spaces, or has tabs included, the YAML generator uses a compact format for the text (using `\n` and `\t`, instead of plain newlines). The compact format makes it difficult to review changes in the yaml docs when vendoring in the documentation repository. This patch: - removes trailing whitespace - replaces tabs for spaces - fixes some minor formatting and markdown issues Signed-off-by: Sebastiaan van Stijn (cherry picked from commit f912deeec7fcabfba2d6c833854275231bf746cd) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/build.md | 6 +- docs/reference/commandline/dockerd.md | 8 +- docs/reference/commandline/events.md | 24 ++-- docs/reference/commandline/exec.md | 6 +- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/login.md | 14 +- docs/reference/commandline/manifest.md | 54 +++++--- docs/reference/commandline/network_ls.md | 2 +- docs/reference/commandline/node_inspect.md | 123 +++++++++--------- docs/reference/commandline/node_ls.md | 2 +- docs/reference/commandline/ps.md | 2 +- docs/reference/commandline/push.md | 6 +- docs/reference/commandline/search.md | 16 +-- docs/reference/commandline/service_create.md | 4 +- docs/reference/commandline/service_inspect.md | 18 +-- docs/reference/commandline/swarm_init.md | 12 +- docs/reference/commandline/trust_inspect.md | 20 +-- .../commandline/trust_key_generate.md | 2 - docs/reference/commandline/trust_key_load.md | 17 +-- docs/reference/commandline/trust_revoke.md | 16 +-- docs/reference/commandline/trust_sign.md | 23 ++-- .../reference/commandline/trust_signer_add.md | 55 ++++---- .../commandline/trust_signer_remove.md | 55 ++++---- 23 files changed, 260 insertions(+), 227 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index d536693c02..0b0c541bd7 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -49,7 +49,7 @@ Options: --no-cache Do not use cache when building the image -o, --output Output destination (format: type=local,dest=path) --pull Always attempt to pull a newer version of the image - --progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty). + --progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty). Use plain to show container output -q, --quiet Suppress the build output and print image ID on success --rm Remove intermediate containers after a successful build (default true) @@ -431,7 +431,7 @@ $ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PRO This flag allows you to pass the build-time variables that are accessed like regular environment variables in the `RUN` instruction of the Dockerfile. Also, these values don't persist in the intermediate or final images -like `ENV` values do. You must add `--build-arg` for each build argument. +like `ENV` values do. You must add `--build-arg` for each build argument. Using this flag will not alter the output you see when the `ARG` lines from the Dockerfile are echoed during the build process. @@ -533,7 +533,7 @@ path): $ docker build --output type=local,dest=out . ``` -Use the `tar` type to export the files as a `.tar` archive: +Use the `tar` type to export the files as a `.tar` archive: ```bash $ docker build --output type=tar,dest=out.tar . diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 46343a7b42..60141de69b 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -821,7 +821,7 @@ C:\> dockerd --storage-opt size=40G ##### `lcow.globalmode` -Specifies whether the daemon instantiates utility VM instances as required +Specifies whether the daemon instantiates utility VM instances as required (recommended and default if omitted), or uses single global utility VM (better performance, but has security implications and not recommended for production deployments). @@ -1071,7 +1071,7 @@ system's list of trusted CAs instead of enabling `--insecure-registry`. #### Legacy Registries -Starting with Docker 17.12, operations against registries supporting only the +Starting with Docker 17.12, operations against registries supporting only the legacy v1 protocol are no longer supported. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. @@ -1446,8 +1446,8 @@ This is a full example of the allowed configuration options on Windows: ``` #### Feature options -The optional field `features` in `daemon.json` allows users to enable or disable specific -daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the +The optional field `features` in `daemon.json` allows users to enable or disable specific +daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the default docker image builder. The list of currently supported feature options: diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index eea1218c3a..551a95709f 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -31,11 +31,11 @@ Options: ## Description Use `docker events` to get real-time events from the server. These events differ -per Docker object type. Different event types have different scopes. Local -scoped events are only seen on the node they take place on, and swarm scoped +per Docker object type. Different event types have different scopes. Local +scoped events are only seen on the node they take place on, and swarm scoped events are seen on all managers. -Only the last 1000 log events are returned. You can use filters to further limit +Only the last 1000 log events are returned. You can use filters to further limit the number of events returned. ### Object types @@ -165,7 +165,7 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. -Only the last 1000 log events are returned. You can use filters to further limit +Only the last 1000 log events are returned. You can use filters to further limit the number of events returned. #### Filtering @@ -207,7 +207,7 @@ format. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. If a format is set to `{{json .}}`, the events are streamed as valid JSON -Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . +Lines. For information about JSON Lines, please refer to http://jsonlines.org/. ## Examples @@ -410,12 +410,12 @@ Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299 #### Format as JSON -```none - $ docker events --format '{{json .}}' +```bash +$ docker events --format '{{json .}}' - {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. - {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. - {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. +{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. +{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. ``` diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 35072dad1f..4792256ec0 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -29,7 +29,7 @@ Options: --privileged Give extended privileges to the command -t, --tty Allocate a pseudo-TTY -u, --user Username or UID (format: [:]) - -w, --workdir Working directory inside the container + -w, --workdir Working directory inside the container ``` ## Description @@ -83,8 +83,8 @@ Next, set an environment variable in the current bash session. $ docker exec -it -e VAR=1 ubuntu_bash bash ``` -This will create a new Bash session in the container `ubuntu_bash` with environment -variable `$VAR` set to "1". Note that this environment variable will only be valid +This will create a new Bash session in the container `ubuntu_bash` with environment +variable `$VAR` set to "1". Note that this environment variable will only be valid on the current Bash session. By default `docker exec` command runs in the same working directory set when container was created. diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index aee122008d..4745546364 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -106,7 +106,7 @@ Server: myinsecurehost:5000 127.0.0.0/8 ``` - + ### Show debugging output Here is a sample output for a daemon running on Ubuntu, using the overlay2 diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 95d14d2b55..c3c76ddad7 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -32,6 +32,8 @@ Options: Login to a registry. +## Examples + ### Login to a self-hosted registry If you want to login to a self-hosted registry you can specify this by @@ -94,7 +96,7 @@ For example, to use `docker-credential-osxkeychain`: ```json { - "credsStore": "osxkeychain" + "credsStore": "osxkeychain" } ``` @@ -124,9 +126,9 @@ or an identity token. ```json { - "ServerURL": "https://index.docker.io/v1", - "Username": "david", - "Secret": "passw0rd1" + "ServerURL": "https://index.docker.io/v1", + "Username": "david", + "Secret": "passw0rd1" } ``` @@ -145,8 +147,8 @@ and password from this payload: ```json { - "Username": "david", - "Secret": "passw0rd1" + "Username": "david", + "Secret": "passw0rd1" } ``` diff --git a/docs/reference/commandline/manifest.md b/docs/reference/commandline/manifest.md index 13beb9cdde..7b6b2a5fbb 100644 --- a/docs/reference/commandline/manifest.md +++ b/docs/reference/commandline/manifest.md @@ -43,8 +43,8 @@ more (ideally more than one) image names. It can then be used in the same way as an image name in `docker pull` and `docker run` commands, for example. Ideally a manifest list is created from images that are identical in function for -different os/arch combinations. For this reason, manifest lists are often referred to as -"multi-arch images". However, a user could create a manifest list that points +different os/arch combinations. For this reason, manifest lists are often referred +to as "multi-arch images". However, a user could create a manifest list that points to two images -- one for windows on amd64, and one for darwin on amd64. ### manifest inspect @@ -62,7 +62,7 @@ Options: -v, --verbose Output additional info including layers and platform ``` -### manifest create +### manifest create ```bash Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...] @@ -76,6 +76,7 @@ Options: ``` ### manifest annotate + ```bash Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST @@ -91,6 +92,7 @@ Options: ``` ### manifest push + ```bash Usage: docker manifest push [OPTIONS] MANIFEST_LIST @@ -104,12 +106,21 @@ Options: ### Working with insecure registries -The manifest command interacts solely with a Docker registry. Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some `docker manifest` commands have an `--insecure` flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a `manifest push` to an insecure registry, the `--insecure` flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements. +The manifest command interacts solely with a Docker registry. Because of this, +it has no way to query the engine for the list of allowed insecure registries. +To allow the CLI to interact with an insecure registry, some `docker manifest` +commands have an `--insecure` flag. For each transaction, such as a `create`, +which queries a registry, the `--insecure` flag must be specified. This flag +tells the CLI that this registry call may ignore security concerns like missing +or self-signed certificates. Likewise, on a `manifest push` to an insecure +registry, the `--insecure` flag must be specified. If this is not used with an +insecure registry, the manifest command fails to find a registry that meets the +default requirements. ## Examples ### Inspect an image's manifest object - + ```bash $ docker manifest inspect hello-world { @@ -136,7 +147,7 @@ The `docker manifest inspect` command takes an optional `--verbose` flag that gives you the image's name (Ref), and architecture and os (Platform). Just as with other docker commands that take image names, you can refer to an image with or -without a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f). +without a tag, or by digest (e.g. `hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f`). Here is an example of inspecting an image's manifest with the `--verbose` flag: @@ -170,17 +181,19 @@ $ docker manifest inspect --verbose hello-world ### Create and push a manifest list -To create a manifest list, you first `create` the manifest list locally by specifying the constituent images you would -like to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push -to a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port. +To create a manifest list, you first `create` the manifest list locally by +specifying the constituent images you would like to have included in your +manifest list. Keep in mind that this is pushed to a registry, so if you want to +push to a registry other than the docker registry, you need to create your +manifest list with the registry name or IP and port. This is similar to tagging an image and pushing it to a foreign registry. After you have created your local copy of the manifest list, you may optionally -`annotate` it. Annotations allowed are the architecture and operating system (overriding the image's current values), -os features, and an architecture variant. +`annotate` it. Annotations allowed are the architecture and operating system +(overriding the image's current values), os features, and an architecture variant. -Finally, you need to `push` your manifest list to the desired registry. Below are descriptions of these three commands, -and an example putting them all together. +Finally, you need to `push` your manifest list to the desired registry. Below are +descriptions of these three commands, and an example putting them all together. ```bash $ docker manifest create 45.55.81.106:5000/coolapp:v1 \ @@ -188,6 +201,7 @@ $ docker manifest create 45.55.81.106:5000/coolapp:v1 \ 45.55.81.106:5000/coolapp-arm-linux:v1 \ 45.55.81.106:5000/coolapp-amd64-linux:v1 \ 45.55.81.106:5000/coolapp-amd64-windows:v1 + Created manifest list 45.55.81.106:5000/coolapp:v1 ``` @@ -255,9 +269,10 @@ $ docker manifest inspect coolapp:v1 ### Push to an insecure registry -Here is an example of creating and pushing a manifest list using a known insecure registry. +Here is an example of creating and pushing a manifest list using a known +insecure registry. -``` +```bash $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \ myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \ myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \ @@ -265,10 +280,13 @@ $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1 myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \ myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \ myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0 -``` -``` + $ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag ``` -Note that the `--insecure` flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the `--insecure` flag if you are performing a `docker manifest inspect` on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a `docker pull`. +> **Note**: the `--insecure` flag is not required to annotate a manifest list, +> since annotations are to a locally-stored copy of a manifest list. You may also +> skip the `--insecure` flag if you are performing a `docker manifest inspect` +> on a locally-stored manifest list. Be sure to keep in mind that locally-stored +> manifest lists are never used by the engine on a `docker pull`. diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 6279d32eb2..bfe0e4b18d 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -192,7 +192,7 @@ The following filter matches all user defined networks: ```bash $ docker network ls --filter type=custom NETWORK ID NAME DRIVER SCOPE -95e74588f40d foo bridge local +95e74588f40d foo bridge local 63d1ff1f77b0 dev bridge local ``` diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index fb71b5d24c..743249afee 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -42,87 +42,94 @@ details of the format. ### Inspect a node -```none +```bash $ docker node inspect swarm-manager +``` +```json [ -{ + { "ID": "e216jshn25ckzbvmwlnh5jr3g", "Version": { - "Index": 10 + "Index": 10 }, "CreatedAt": "2017-05-16T22:52:44.9910662Z", "UpdatedAt": "2017-05-16T22:52:45.230878043Z", "Spec": { - "Role": "manager", - "Availability": "active" + "Role": "manager", + "Availability": "active" }, "Description": { - "Hostname": "swarm-manager", - "Platform": { - "Architecture": "x86_64", - "OS": "linux" - }, - "Resources": { - "NanoCPUs": 1000000000, - "MemoryBytes": 1039843328 - }, - "Engine": { - "EngineVersion": "17.06.0-ce", - "Plugins": [ - { - "Type": "Volume", - "Name": "local" - }, - { - "Type": "Network", - "Name": "overlay" - }, - { - "Type": "Network", - "Name": "null" - }, - { - "Type": "Network", - "Name": "host" - }, - { - "Type": "Network", - "Name": "bridge" - }, - { - "Type": "Network", - "Name": "overlay" - } - ] - }, - "TLSInfo": { - "TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n", - "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh", - "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==" - } + "Hostname": "swarm-manager", + "Platform": { + "Architecture": "x86_64", + "OS": "linux" + }, + "Resources": { + "NanoCPUs": 1000000000, + "MemoryBytes": 1039843328 + }, + "Engine": { + "EngineVersion": "17.06.0-ce", + "Plugins": [ + { + "Type": "Volume", + "Name": "local" + }, + { + "Type": "Network", + "Name": "overlay" + }, + { + "Type": "Network", + "Name": "null" + }, + { + "Type": "Network", + "Name": "host" + }, + { + "Type": "Network", + "Name": "bridge" + }, + { + "Type": "Network", + "Name": "overlay" + } + ] + }, + "TLSInfo": { + "TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n", + "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh", + "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==" + } }, "Status": { - "State": "ready", - "Addr": "168.0.32.137" + "State": "ready", + "Addr": "168.0.32.137" }, "ManagerStatus": { - "Leader": true, - "Reachability": "reachable", - "Addr": "168.0.32.137:2377" + "Leader": true, + "Reachability": "reachable", + "Addr": "168.0.32.137:2377" } -} + } ] ``` ### Specify an output format -```none +```bash $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self false +``` + +Use `--format=pretty` or the `--pretty` shorthand to pretty-print the output: + +```bash +$ docker node inspect --format=pretty self -$ docker node inspect --pretty self ID: e216jshn25ckzbvmwlnh5jr3g Hostname: swarm-manager Joined at: 2017-05-16 22:52:44.9910662 +0000 utc @@ -157,8 +164,8 @@ PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3 zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ== -----END CERTIFICATE----- - Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ== - Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh + Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ== + Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh ``` ## Related commands diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index bdde243779..bd83a584cc 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -162,7 +162,7 @@ The following example uses a template without headers and outputs the ```bash $ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}" e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready -35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation +35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation ``` diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index ddb8f7d736..cb43297fe6 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -87,7 +87,7 @@ e90b8831a4b8 nginx "/bin/bash -c 'mkdir " 11 weeks ago Up 4 hours ``` * The "size" information shows the amount of data (on disk) that is used for the _writable_ layer of each container * The "virtual size" is the total amount of disk-space used for the read-only _image_ data used by the container and the writable layer. - + For more information, refer to the [container size on disk](https://docs.docker.com/storage/storagedriver/#container-size-on-disk) section. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 36ff319651..128560e172 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -36,9 +36,9 @@ image and tag names. Killing the `docker push` process, for example by pressing `CTRL-c` while it is running in a terminal, terminates the push operation. -Progress bars are shown during docker push, which show the uncompressed size. The -actual amount of data that's pushed will be compressed before sending, so the uploaded - size will not be reflected by the progress bar. +Progress bars are shown during docker push, which show the uncompressed size. +The actual amount of data that's pushed will be compressed before sending, so +the uploaded size will not be reflected by the progress bar. Registry credentials are managed by [docker login](login.md). diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 81cd87ed12..373fccbfb0 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -50,7 +50,7 @@ This example displays images with a name containing 'busybox': $ docker search busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED -busybox Busybox base image. 316 [OK] +busybox Busybox base image. 316 [OK] progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] odise/busybox-python 2 [OK] @@ -85,7 +85,7 @@ at least 3 stars and the description isn't truncated in the output: ```bash $ docker search --filter=stars=3 --no-trunc busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED -busybox Busybox base image. 325 [OK] +busybox Busybox base image. 325 [OK] progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] ``` @@ -115,7 +115,7 @@ least 3 stars: $ docker search --filter stars=3 busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED -busybox Busybox base image. 325 [OK] +busybox Busybox base image. 325 [OK] progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] ``` @@ -193,10 +193,10 @@ $ docker search --format "table {{.Name}}\t{{.IsAutomated}}\t{{.IsOfficial}}" ng NAME AUTOMATED OFFICIAL nginx [OK] -jwilder/nginx-proxy [OK] -richarvey/nginx-php-fpm [OK] -jrcs/letsencrypt-nginx-proxy-companion [OK] -million12/nginx-php [OK] -webdevops/php-nginx [OK] +jwilder/nginx-proxy [OK] +richarvey/nginx-php-fpm [OK] +jrcs/letsencrypt-nginx-proxy-companion [OK] +million12/nginx-php [OK] +webdevops/php-nginx [OK] {% endraw %} ``` diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 290f240ee3..3a90b8449b 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -724,7 +724,7 @@ After adding the `region=east` label to a node in the cluster, the service reconciles, and the desired number of replicas are deployed: ```bash -$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l +$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l yswe2dm4c5fdgtsrli1e8ya5l $ docker service ls @@ -925,7 +925,7 @@ The swarm extends my-network to each node running the service. Containers on the same network can access each other using [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery). -Long form syntax of `--network` allows to specify list of aliases and driver options: +Long form syntax of `--network` allows to specify list of aliases and driver options: `--network name=my-network,alias=web1,driver-opt=field1=value1` ### Publish service ports externally to the swarm (-p, --publish) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 58208464ca..46c2ffd48f 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -123,21 +123,21 @@ JSON output, by using the `--pretty` option: ```bash $ docker service inspect --pretty frontend -ID: c8wgl7q4ndfd52ni6qftkvnnp -Name: frontend +ID: c8wgl7q4ndfd52ni6qftkvnnp +Name: frontend Labels: - org.example.projectname=demo-app -Service Mode: REPLICATED - Replicas: 5 +Service Mode: REPLICATED + Replicas: 5 Placement: UpdateConfig: - Parallelism: 0 - On failure: pause - Max failure ratio: 0 + Parallelism: 0 + On failure: pause + Max failure ratio: 0 ContainerSpec: - Image: nginx:alpine + Image: nginx:alpine Resources: -Networks: net1 +Networks: net1 Endpoint Mode: vip Ports: PublishedPort = 4443 diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 429a8c3848..2fd70d911a 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -149,12 +149,12 @@ the port is configured: ```bash docker info - ... - ClusterID: 9vs5ygs0gguyyec4iqf2314c0 - Managers: 1 - Nodes: 1 - Data Path Port: 7777 - ... +... +ClusterID: 9vs5ygs0gguyyec4iqf2314c0 +Managers: 1 +Nodes: 1 +Data Path Port: 7777 +... ``` ### `--default-addr-pool` diff --git a/docs/reference/commandline/trust_inspect.md b/docs/reference/commandline/trust_inspect.md index c8bcc558ef..72f6642adb 100644 --- a/docs/reference/commandline/trust_inspect.md +++ b/docs/reference/commandline/trust_inspect.md @@ -378,8 +378,8 @@ SIGNED TAG DIGEST latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) Administrative keys for alpine:latest: -Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd -Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce +Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd +Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce ``` The `SIGNED TAG` is the signed image tag with a unique content-addressable @@ -406,8 +406,8 @@ bob 034370bcbd77, 82a66673242c carol b6f9f8e1aab0 Administrative keys for my-image: -Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 -Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f +Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 +Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f ``` However, if other tags are signed in the same image repository, @@ -420,8 +420,8 @@ No signatures for alpine:unsigned Administrative keys for alpine:unsigned: -Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd -Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce +Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd +Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce ``` ### Get details about signatures for all image tags in a repository @@ -441,8 +441,8 @@ edge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1 latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) Administrative keys for alpine: -Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd -Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce +Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd +Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce ``` Here's an example with signers that are set up by `docker trust` commands: @@ -465,6 +465,6 @@ bob 034370bcbd77, 82a66673242c carol b6f9f8e1aab0 Administrative keys for my-image: -Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 -Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f +Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 +Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f ``` diff --git a/docs/reference/commandline/trust_key_generate.md b/docs/reference/commandline/trust_key_generate.md index f026b98a35..e01c928668 100644 --- a/docs/reference/commandline/trust_key_generate.md +++ b/docs/reference/commandline/trust_key_generate.md @@ -43,7 +43,6 @@ Repeat passphrase for new alice key with ID 17acf3c: Successfully generated and loaded private key. Corresponding public key available: alice.pub $ ls alice.pub - ``` The private signing key is encrypted by the passphrase and loaded into the docker trust keystore. @@ -63,5 +62,4 @@ Repeat passphrase for new alice key with ID 17acf3c: Successfully generated and loaded private key. Corresponding public key available: alice.pub $ ls /foo alice.pub - ``` diff --git a/docs/reference/commandline/trust_key_load.md b/docs/reference/commandline/trust_key_load.md index 15047431af..20b7cffa10 100644 --- a/docs/reference/commandline/trust_key_load.md +++ b/docs/reference/commandline/trust_key_load.md @@ -27,7 +27,9 @@ Options: ## Description -`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`. +`docker trust key load` adds private keys to the local docker trust keystore. + +To add a signer to a repository use `docker trust signer add`. ## Examples @@ -39,19 +41,18 @@ For a private key `alice.pem` with permissions `-rw-------` $ docker trust key load alice.pem Loading key from "alice.pem"... -Enter passphrase for new signer key with ID f8097df: -Repeat passphrase for new signer key with ID f8097df: +Enter passphrase for new signer key with ID f8097df: +Repeat passphrase for new signer key with ID f8097df: Successfully imported key from alice.pem - ``` -to specify a name use the `--name` flag + +To specify a name use the `--name` flag: ```bash $ docker trust key load --name alice-key alice.pem Loading key from "alice.pem"... -Enter passphrase for new alice-key key with ID f8097df: -Repeat passphrase for new alice-key key with ID f8097df: +Enter passphrase for new alice-key key with ID f8097df: +Repeat passphrase for new alice-key key with ID f8097df: Successfully imported key from alice.pem - ``` diff --git a/docs/reference/commandline/trust_revoke.md b/docs/reference/commandline/trust_revoke.md index 799d6639b9..25bd9ea38f 100644 --- a/docs/reference/commandline/trust_revoke.md +++ b/docs/reference/commandline/trust_revoke.md @@ -49,8 +49,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` When `alice`, one of the signers, runs `docker trust revoke`: @@ -75,8 +75,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` ### Revoke signatures on all tags in a repository @@ -96,8 +96,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` When `alice`, one of the signers, runs `docker trust revoke`: @@ -124,7 +124,7 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` diff --git a/docs/reference/commandline/trust_sign.md b/docs/reference/commandline/trust_sign.md index 0d42204160..fe5f13ab00 100644 --- a/docs/reference/commandline/trust_sign.md +++ b/docs/reference/commandline/trust_sign.md @@ -42,8 +42,8 @@ SIGNED TAG DIGEST v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin) Administrative keys for example/trust-demo: -Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 -Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b +Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 +Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b ``` Sign a new tag with `docker trust sign`: @@ -65,7 +65,7 @@ Enter passphrase for repository key with ID 36d4c36: Successfully signed docker.io/example/trust-demo:v2 ``` -`docker trust view` lists the new signature: +Use `docker trust view` to list the new signature: ```bash $ docker trust view example/trust-demo @@ -74,8 +74,8 @@ v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c8357 v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin) Administrative keys for example/trust-demo: -Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 -Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b +Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 +Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b ``` ### Sign a tag as a signer @@ -95,8 +95,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` Sign a new tag with `docker trust sign`: @@ -130,8 +130,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` ## Initialize a new repo and sign a tag @@ -178,7 +178,6 @@ SIGNER KEYS alice 6d52b29d940f Administrative keys for example/trust-demo: -Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb -Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 +Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb +Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 ``` - diff --git a/docs/reference/commandline/trust_signer_add.md b/docs/reference/commandline/trust_signer_add.md index f9ae03b3cd..ab53a9f288 100644 --- a/docs/reference/commandline/trust_signer_add.md +++ b/docs/reference/commandline/trust_signer_add.md @@ -33,7 +33,7 @@ Options: ### Add a signer to a repo -To add a new signer, `alice`, to this repository: +To add a new signer, `alice`, to this repository: ```bash $ docker trust view example/trust-demo @@ -47,8 +47,8 @@ SIGNER KEYS bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` Add `alice` with `docker trust signer add`: @@ -56,8 +56,8 @@ Add `alice` with `docker trust signer add`: ```bash $ docker trust signer add alice example/trust-demo --key alice.crt Adding signer "alice" to example/trust-demo... - Enter passphrase for repository key with ID 642692c: - Successfully added signer: alice to example/trust-demo + Enter passphrase for repository key with ID 642692c: +Successfully added signer: alice to example/trust-demo ``` `docker trust view` now lists `alice` as a valid signer: @@ -75,8 +75,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` ## Initialize a new repo and add a signer @@ -91,12 +91,12 @@ No signatures or cannot access example/trust-demo ```bash $ docker trust signer add alice example/trust-demo --key alice.crt Initializing signed repository for example/trust-demo... - Enter passphrase for root key with ID 748121c: - Enter passphrase for new repository key with ID 95b9e55: - Repeat passphrase for new repository key with ID 95b9e55: - Successfully initialized "example/trust-demo" - - Adding signer "alice" to example/trust-demo... + Enter passphrase for root key with ID 748121c: +Enter passphrase for new repository key with ID 95b9e55: +Repeat passphrase for new repository key with ID 95b9e55: +Successfully initialized "example/trust-demo" + +Adding signer "alice" to example/trust-demo... Successfully added signer: alice to example/trust-demo ``` @@ -114,13 +114,12 @@ SIGNER KEYS alice 6d52b29d940f Administrative keys for example/trust-demo: -Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb -Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 +Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb +Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 ``` ## Add a signer to multiple repos -To add a signer, `alice`, to multiple repositories: - +To add a signer, `alice`, to multiple repositories: ```bash $ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS @@ -132,8 +131,8 @@ SIGNER KEYS bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` ```bash $ docker trust view example/trust-demo2 @@ -146,19 +145,19 @@ SIGNER KEYS bob 5600f5ab76a2 Administrative keys for example/trust-demo2: -Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` Add `alice` to both repositories with a single `docker trust signer add` command: ```bash $ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt Adding signer "alice" to example/trust-demo... -Enter passphrase for repository key with ID 95b9e55: +Enter passphrase for repository key with ID 95b9e55: Successfully added signer: alice to example/trust-demo Adding signer "alice" to example/trust-demo2... -Enter passphrase for repository key with ID ece554f: +Enter passphrase for repository key with ID ece554f: Successfully added signer: alice to example/trust-demo2 ``` `docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`: @@ -176,8 +175,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` ```bash $ docker trust view example/trust-demo2 @@ -191,8 +190,8 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo2: -Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` @@ -204,7 +203,7 @@ Adding signer "alice" to example/unauthorized... you are not authorized to perform this operation: server returned 401. Adding signer "alice" to example/authorized... -Enter passphrase for repository key with ID c6772a0: +Enter passphrase for repository key with ID c6772a0: Successfully added signer: alice to example/authorized Failed to add signer to: example/unauthorized diff --git a/docs/reference/commandline/trust_signer_remove.md b/docs/reference/commandline/trust_signer_remove.md index e496db9dc0..03ce4922d1 100644 --- a/docs/reference/commandline/trust_signer_remove.md +++ b/docs/reference/commandline/trust_signer_remove.md @@ -33,8 +33,7 @@ Options: ### Remove a signer from a repo -To remove an existing signer, `alice`, from this repository: - +To remove an existing signer, `alice`, from this repository: ```bash $ docker trust view example/trust-demo @@ -48,18 +47,18 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` Remove `alice` with `docker trust signer remove`: ```bash $ docker trust signer remove alice example/trust-demo - Removing signer "alice" from image example/trust-demo... - Enter passphrase for repository key with ID 642692c: - Successfully removed alice from example/trust-demo +Removing signer "alice" from image example/trust-demo... +Enter passphrase for repository key with ID 642692c: +Successfully removed alice from example/trust-demo ``` `docker trust view` now does not list `alice` as a valid signer: @@ -76,13 +75,13 @@ SIGNER KEYS bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` ### Remove a signer from multiple repos -To remove an existing signer, `alice`, from multiple repositories: +To remove an existing signer, `alice`, from multiple repositories: ```bash $ docker trust view example/trust-demo @@ -96,9 +95,10 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` + ```bash $ docker trust view example/trust-demo2 SIGNED TAG DIGEST SIGNERS @@ -111,22 +111,27 @@ alice 05e87edcaecb bob 5600f5ab76a2 Administrative keys for example/trust-demo2: -Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` + Remove `alice` from both images with a single `docker trust signer remove` command: ```bash $ docker trust signer remove alice example/trust-demo example/trust-demo2 + Removing signer "alice" from image example/trust-demo... -Enter passphrase for repository key with ID 95b9e55: +Enter passphrase for repository key with ID 95b9e55: Successfully removed alice from example/trust-demo Removing signer "alice" from image example/trust-demo2... -Enter passphrase for repository key with ID ece554f: +Enter passphrase for repository key with ID ece554f: Successfully removed alice from example/trust-demo2 ``` -`docker trust view` no longer lists `alice` as a valid signer of either `example/trust-demo` or `example/trust-demo2`: + +Run `docker trust view` to confirm that `alice` is no longer listed as a valid +signer of either `example/trust-demo` or `example/trust-demo2`: + ```bash $ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS @@ -138,9 +143,10 @@ SIGNER KEYS bob 5600f5ab76a2 Administrative keys for example/trust-demo: -Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` + ```bash $ docker trust view example/trust-demo2 SIGNED TAG DIGEST SIGNERS @@ -152,19 +158,22 @@ SIGNER KEYS bob 5600f5ab76a2 Administrative keys for example/trust-demo2: -Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 -Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails: +`docker trust signer remove` removes signers to repositories on a best effort +basis, so it will continue to remove the signer from subsequent repositories if +one attempt fails: ```bash $ docker trust signer remove alice example/unauthorized example/authorized + Removing signer "alice" from image example/unauthorized... No signer alice for image example/unauthorized Removing signer "alice" from image example/authorized... -Enter passphrase for repository key with ID c6772a0: +Enter passphrase for repository key with ID c6772a0: Successfully removed alice from example/authorized Error removing signer from: example/unauthorized